wpa_supplicant-gui-2.10-150600.7.3.1<>, fp9|\'2 Ȁ7p^Pw B /gocUepZ$P+;voX)sZдҶv>UHʋauyuaBt3*m=5yg2lߤ_w3oR*~Dg$2x[>QD\U|/7^meȔF{2=sFdN#Ⱦq#a>`M GcZY!!,4oi>/ǵQn /ԏ_KX؊W-6%w\`~i3>>?d ' J , BNkq|      *4`ht(8*9T*: *FGHIXY\ ](^=b]cdefluvwxyz8HLRCwpa_supplicant-gui2.10150600.7.3.1WPA supplicant graphical front-endThis package contains a graphical front-end to wpa_supplicant, an implementation of the WPA Supplicant component.fh02-armsrv1 SUSE Linux Enterprise 15SUSE LLC BSD-3-Clause AND GPL-2.0-or-laterhttps://www.suse.com/Unspecifiedhttps://w1.fi/wpa_supplicantlinuxaarch64 큤ffd0bc3642a63d3175bdc57c59ed292ac370916851027116f486085f19fdeabf59d57783ead2cca37539bf8b5c4a81b8105c2970de177652fe1a027433593467aarootrootrootrootwpa_supplicant-2.10-150600.7.3.1.src.rpmwpa_supplicant-guiwpa_supplicant-gui(aarch-64)@@@@@@@@@@@@@@@@@@    ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libQt5Core.so.5()(64bit)libQt5Core.so.5(Qt_5)(64bit)libQt5Gui.so.5()(64bit)libQt5Gui.so.5(Qt_5)(64bit)libQt5Widgets.so.5()(64bit)libQt5Widgets.so.5(Qt_5)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.38)(64bit)libgcc_s.so.1()(64bit)libgcc_s.so.1(GCC_3.0)(64bit)libstdc++.so.6()(64bit)libstdc++.so.6(CXXABI_1.3)(64bit)libstdc++.so.6(CXXABI_1.3.9)(64bit)libstdc++.so.6(GLIBCXX_3.4)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)wpa_supplicant3.0.4-14.6.0-14.0-15.2-14.14.3e}@c@b@b@`lM@`?z@`:4@`_|\@_i@_i@^@^@^|@^|@^Y]]>[<@[[ā@[[;@[@[QY@X@X]W@VU@VŲ@V`V=@UKSUCjU8U'@U/@TBV@cfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comcfamullaconrad@suse.comsp1ritCS@protonmail.comcfamullaconrad@suse.comsongchuan.kang@suse.comcfamullaconrad@suse.combwiedemann@suse.comcfamullaconrad@suse.comilya@ilya.pp.uatchvatal@suse.comtchvatal@suse.comilya@ilya.pp.uailya@ilya.pp.uakbabioch@suse.comro@suse.dekbabioch@suse.comkbabioch@suse.comkbabioch@suse.comro@suse.demeissner@suse.comobs@botter.ccdwaas@suse.commeissner@suse.comtchvatal@suse.comlnussel@suse.decrrodriguez@opensuse.orgcrrodriguez@opensuse.orgcrrodriguez@opensuse.orglnussel@suse.demichael@stroeder.comro@suse.dezaitor@opensuse.orgcrrodriguez@opensuse.orgstefan.bruens@rwth-aachen.destefan.bruens@rwth-aachen.destefan.bruens@rwth-aachen.de- Add CVE-2023-52160.patch - Bypassing WiFi Authentication (bsc#1219975) - Change ctrl_interface from /var/run to %_rundir (/run)- update to 2.10.0: jsc#PED-2904 * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/] * fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/] * fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates) * fixed various issues in experimental support for EAP-TEAP peer * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * a number of MKA/MACsec fixes and extensions * added support for SAE (WPA3-Personal) AP mode configuration * added P2P support for EDMG (IEEE 802.11ay) channels * fixed EAP-FAST peer with TLS GCM/CCM ciphers * improved throughput estimation and BSS selection * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * extended D-Bus interface * added support for PASN * added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools * added EAP-TLS peer support for TLS 1.3 (disabled by default for now) * added support for SCS, MSCS, DSCP policy * changed driver interface selection to default to automatic fallback to other compiled in options * a large number of other fixes, cleanup, and extensions - drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch, CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch, CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch, CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch: upstream - drop restore-old-dbus-interface.patch, wicked has been switching to the new dbus interface in version 0.6.66 - config: * re-enable CONFIG_WEP * enable QCA vendor extensions to nl80211 * enable support for Automatic Channel Selection * enable OCV, security feature that prevents MITM multi-channel attacks * enable QCA vendor extensions to nl80211 * enable EAP-EKE * Support HT overrides * TLS v1.1 and TLS v1.2 * Fast Session Transfer (FST) * Automatic Channel Selection * Multi Band Operation * Fast Initial Link Setup * Mesh Networking (IEEE 802.11s) - Add dbus-Fix-property-DebugShowKeys-and-DebugTimestamp.patch (bsc#1201219) - Move the dbus-1 system.d file to /usr (bsc#1200342) - Added hardening to systemd service(s) (bsc#1181400). Modified: * wpa_supplicant.service - drop wpa_supplicant-getrandom.patch : glibc has been updated so the getrandom() wrapper is now there - Sync wpa_supplicant.spec with Factory- Enable WPA3-Enterprise (SuiteB-192) support.- Add CVE-2022-23303_0001.patch, CVE-2022-23303_0002.patch, CVE-2022-23303_0003.patch, CVE-2022-23303_0004.patch SAE/EAP-pwd side-channel attack update 2 (CVE-2022-23303, CVE-2022-23304, bsc#1194732, bsc#1194733)- Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348)- Fix systemd device ready dependencies in wpa_supplicant@.service file. (see: https://forums.opensuse.org/showthread.php/547186-wpa_supplicant-service-fails-on-boot-succeeds-on-restart?p=2982844#post2982844)- Add CVE-2021-27803.patch -- P2P provision discovery processing vulnerability (bsc#1182805)- Add CVE-2021-0326.patch -- P2P group information processing vulnerability (bsc#1181777)- Add wpa_supplicant-p2p_iname_size.diff -- Limit P2P_DEVICE name to appropriate ifname size (https://patchwork.ozlabs.org/project/hostap/patch/20200825062902.124600-1-benjamin@sipsolutions.net/)- Fix spec file for SLE12, use make %{?_smp_mflags} instead of %make_build- Enable SAE support(jsc#SLE-14992).- Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934)- Add restore-old-dbus-interface.patch to fix wicked wlan (boo#1156920) - Restore fi.epitest.hostap.WPASupplicant.service (bsc#1167331)- With v2.9 fi.epitest.hostap.WPASupplicant.service is obsolete (bsc#1167331)- Change wpa_supplicant.service to ensure wpa_supplicant gets started before network. Fix WLAN config on boot with wicked. (boo#1166933)- Adjust the service to start after network.target wrt bsc#1165266- Update to 2.9 release: * SAE changes - disable use of groups using Brainpool curves - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * EAP-pwd changes - disable use of groups using Brainpool curves - allow the set of groups to be configured (eap_pwd_groups) - improved protection against side channel attacks [https://w1.fi/security/2019-6/] * fixed FT-EAP initial mobility domain association using PMKSA caching (disabled by default for backwards compatibility; can be enabled with ft_eap_pmksa_caching=1) * fixed a regression in OpenSSL 1.1+ engine loading * added validation of RSNE in (Re)Association Response frames * fixed DPP bootstrapping URI parser of channel list * extended EAP-SIM/AKA fast re-authentication to allow use with FILS * extended ca_cert_blob to support PEM format * improved robustness of P2P Action frame scheduling * added support for EAP-SIM/AKA using anonymous@realm identity * fixed Hotspot 2.0 credential selection based on roaming consortium to ignore credentials without a specific EAP method * added experimental support for EAP-TEAP peer (RFC 7170) * added experimental support for EAP-TLS peer with TLS v1.3 * fixed a regression in WMM parameter configuration for a TDLS peer * fixed a regression in operation with drivers that offload 802.1X 4-way handshake * fixed an ECDH operation corner case with OpenSSL * SAE changes - added support for SAE Password Identifier - changed default configuration to enable only groups 19, 20, 21 (i.e., disable groups 25 and 26) and disable all unsuitable groups completely based on REVmd changes - do not regenerate PWE unnecessarily when the AP uses the anti-clogging token mechanisms - fixed some association cases where both SAE and FT-SAE were enabled on both the station and the selected AP - started to prefer FT-SAE over SAE AKM if both are enabled - started to prefer FT-SAE over FT-PSK if both are enabled - fixed FT-SAE when SAE PMKSA caching is used - reject use of unsuitable groups based on new implementation guidance in REVmd (allow only FFC groups with prime >= 3072 bits and ECC groups with prime >= 256) - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-1/] (CVE-2019-9494, bsc#1131868) * EAP-pwd changes - minimize timing and memory use differences in PWE derivation [https://w1.fi/security/2019-2/] (CVE-2019-9495, bsc#1131870) - verify server scalar/element [https://w1.fi/security/2019-4/] (CVE-2019-9497, CVE-2019-9498, CVE-2019-9499, bsc#1131874, bsc#1131872, bsc#1131871, bsc#1131644) - fix message reassembly issue with unexpected fragment [https://w1.fi/security/2019-5/] (CVE-2019-11555, bsc#1133640) - enforce rand,mask generation rules more strictly - fix a memory leak in PWE derivation - disallow ECC groups with a prime under 256 bits (groups 25, 26, and 27) - SAE/EAP-pwd side-channel attack update [https://w1.fi/security/2019-6/] (CVE-2019-13377, bsc#1144443) * fixed CONFIG_IEEE80211R=y (FT) build without CONFIG_FILS=y * Hotspot 2.0 changes - do not indicate release number that is higher than the one AP supports - added support for release number 3 - enable PMF automatically for network profiles created from credentials * fixed OWE network profile saving * fixed DPP network profile saving * added support for RSN operating channel validation (CONFIG_OCV=y and network profile parameter ocv=1) * added Multi-AP backhaul STA support * fixed build with LibreSSL * number of MKA/MACsec fixes and extensions * extended domain_match and domain_suffix_match to allow list of values * fixed dNSName matching in domain_match and domain_suffix_match when using wolfSSL * started to prefer FT-EAP-SHA384 over WPA-EAP-SUITE-B-192 AKM if both are enabled * extended nl80211 Connect and external authentication to support SAE, FT-SAE, FT-EAP-SHA384 * fixed KEK2 derivation for FILS+FT * extended client_cert file to allow loading of a chain of PEM encoded certificates * extended beacon reporting functionality * extended D-Bus interface with number of new properties * fixed a regression in FT-over-DS with mac80211-based drivers * OpenSSL: allow systemwide policies to be overridden * extended driver flags indication for separate 802.1X and PSK 4-way handshake offload capability * added support for random P2P Device/Interface Address use * extended PEAP to derive EMSK to enable use with ERP/FILS * extended WPS to allow SAE configuration to be added automatically for PSK (wps_cred_add_sae=1) * removed support for the old D-Bus interface (CONFIG_CTRL_IFACE_DBUS) * extended domain_match and domain_suffix_match to allow list of values * added a RSN workaround for misbehaving PMF APs that advertise IGTK/BIP KeyID using incorrect byte order * fixed PTK rekeying with FILS and FT * fixed WPA packet number reuse with replayed messages and key reinstallation [https://w1.fi/security/2017-1/] (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) * fixed unauthenticated EAPOL-Key decryption in wpa_supplicant [https://w1.fi/security/2018-1/] (CVE-2018-14526) * added support for FILS (IEEE 802.11ai) shared key authentication * added support for OWE (Opportunistic Wireless Encryption, RFC 8110; and transition mode defined by WFA) * added support for DPP (Wi-Fi Device Provisioning Protocol) * added support for RSA 3k key case with Suite B 192-bit level * fixed Suite B PMKSA caching not to update PMKID during each 4-way handshake * fixed EAP-pwd pre-processing with PasswordHashHash * added EAP-pwd client support for salted passwords * fixed a regression in TDLS prohibited bit validation * started to use estimated throughput to avoid undesired signal strength based roaming decision * MACsec/MKA: - new macsec_linux driver interface support for the Linux kernel macsec module - number of fixes and extensions * added support for external persistent storage of PMKSA cache (PMKSA_GET/PMKSA_ADD control interface commands; and MESH_PMKSA_GET/MESH_PMKSA_SET for the mesh case) * fixed mesh channel configuration pri/sec switch case * added support for beacon report * large number of other fixes, cleanup, and extensions * added support for randomizing local address for GAS queries (gas_rand_mac_addr parameter) * fixed EAP-SIM/AKA/AKA' ext auth cases within TLS tunnel * added option for using random WPS UUID (auto_uuid=1) * added SHA256-hash support for OCSP certificate matching * fixed EAP-AKA' to add AT_KDF into Synchronization-Failure * fixed a regression in RSN pre-authentication candidate selection * added option to configure allowed group management cipher suites (group_mgmt network profile parameter) * removed all PeerKey functionality * fixed nl80211 AP and mesh mode configuration regression with Linux 4.15 and newer * added ap_isolate configuration option for AP mode * added support for nl80211 to offload 4-way handshake into the driver * added support for using wolfSSL cryptographic library * SAE - added support for configuring SAE password separately of the WPA2 PSK/passphrase - fixed PTK and EAPOL-Key integrity and key-wrap algorithm selection for SAE; note: this is not backwards compatible, i.e., both the AP and station side implementations will need to be update at the same time to maintain interoperability - added support for Password Identifier - fixed FT-SAE PMKID matching * Hotspot 2.0 - added support for fetching of Operator Icon Metadata ANQP-element - added support for Roaming Consortium Selection element - added support for Terms and Conditions - added support for OSEN connection in a shared RSN BSS - added support for fetching Venue URL information * added support for using OpenSSL 1.1.1 * FT - disabled PMKSA caching with FT since it is not fully functional - added support for SHA384 based AKM - added support for BIP ciphers BIP-CMAC-256, BIP-GMAC-128, BIP-GMAC-256 in addition to previously supported BIP-CMAC-128 - fixed additional IE inclusion in Reassociation Request frame when using FT protocol - Drop merged patches: * rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch * rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch * rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch * rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch * rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch * rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch * rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch * rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch * rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch * wpa_supplicant-bnc-1099835-fix-private-key-password.patch * wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch * wpa_supplicant-log-file-permission.patch * wpa_supplicant-log-file-cloexec.patch * wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch * wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch - Rebase patches: * wpa_supplicant-getrandom.patch- Refresh spec-file via spec-cleaner and manual optimizations. * Change URL and Source0 to actual project homepage. * Remove macro %{?systemd_requires} and rm (not needed). * Add %autopatch macro. * Add %make_build macro. - Chenged patch wpa_supplicant-flush-debug-output.patch (to -p1). - Changed service-files for start after network (systemd-networkd).- Refresh spec-file: add %license tag.- Renamed patches: - wpa-supplicant-log-file-permission.patch -> wpa_supplicant-log-file-permission.patch - wpa-supplicant-log-file-cloexec.patch -> wpa_supplicant-log-file-cloexec.patch - wpa_supplicant-log-file-permission.patch: Using O_WRONLY flag - Enabled timestamps in log files (bsc#1080798)- compile eapol_test binary to allow testing via radius proxy and server (note: this does not match CONFIG_EAPOL_TEST which sets -Werror and activates an assert call inside the code of wpa_supplicant) (bsc#1111873), (fate#326725) - add patch to fix wrong operator precedence in ieee802_11.c wpa_supplicant-git-fa67debf4c6ddbc881a212b175faa6d5d0d90c8c.patch - add patch to avoid redefinition of __bitwise macro wpa_supplicant-git-f5b74b966c942feb95a8ddbb7d130540b15b796d.patch- Added wpa-supplicant-log-file-permission.patch: Fixes the default file permissions of the debug log file to more sane values, i.e. it is no longer world-readable (bsc#1098854). - Added wpa-supplicant-log-file-cloexec.patch: Open the debug log file with O_CLOEXEC, which will prevent file descriptor leaking to child processes (bsc#1098854).- Added rebased-v2.6-0009-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch: Ignore unauthenticated encrypted EAPOL-Key data (CVE-2018-14526, bsc#1104205).- Enabled PWD as EAP method. This allows for password-based authentication, which is easier to setup than most of the other methods, and is used by the Eduroam network (bsc#1109209).- add two patches from upstream to fix reading private key passwords from the configuration file (bsc#1099835) - add patch for git 89971d8b1e328a2f79699c953625d1671fd40384 wpa_supplicant-bnc-1099835-clear-default_passwd_cb.patch - add patch for git f665c93e1d28fbab3d9127a8c3985cc32940824f wpa_supplicant-bnc-1099835-fix-private-key-password.patch- Fix KRACK attacks (bsc#1056061, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13087, CVE-2017-13088): - rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch - rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch - rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch - rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch - rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch - rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch - rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch - rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch- fix wpa_supplicant-sigusr1-changes-debuglevel.patch to match eloop_signal_handler type (needed to build eapol_test via config)- Added .service files that accept interfaces as %i arguments so it's possible to call the daemon with: "systemctl start wpa_supplicant@$INTERFACE_NAME.service" (like openvpn for example)- updated to 2.6 / 2016-10-02 * fixed WNM Sleep Mode processing when PMF is not enabled [http://w1.fi/security/2015-6/] (CVE-2015-5310 bsc#952254) * fixed EAP-pwd last fragment validation [http://w1.fi/security/2015-7/] (CVE-2015-5315 bsc#953115) * fixed EAP-pwd unexpected Confirm message processing [http://w1.fi/security/2015-8/] (CVE-2015-5316 bsc#953115) * fixed WPS configuration update vulnerability with malformed passphrase [http://w1.fi/security/2016-1/] (CVE-2016-4476 bsc#978172) * fixed configuration update vulnerability with malformed parameters set over the local control interface [http://w1.fi/security/2016-1/] (CVE-2016-4477 bsc#978175) * fixed TK configuration to the driver in EAPOL-Key 3/4 retry case * extended channel switch support for P2P GO * started to throttle control interface event message bursts to avoid issues with monitor sockets running out of buffer space * mesh mode fixes/improvements - generate proper AID for peer - enable WMM by default - add VHT support - fix PMKID derivation - improve robustness on various exchanges - fix peer link counting in reconnect case - improve mesh joining behavior - allow DTIM period to be configured - allow HT to be disabled (disable_ht=1) - add MESH_PEER_ADD and MESH_PEER_REMOVE commands - add support for PMKSA caching - add minimal support for SAE group negotiation - allow pairwise/group cipher to be configured in the network profile - use ieee80211w profile parameter to enable/disable PMF and derive a separate TX IGTK if PMF is enabled instead of using MGTK incorrectly - fix AEK and MTK derivation - remove GTKdata and IGTKdata from Mesh Peering Confirm/Close - note: these changes are not fully backwards compatible for secure (RSN) mesh network * fixed PMKID derivation with SAE * added support for requesting and fetching arbitrary ANQP-elements without internal support in wpa_supplicant for the specific element (anqp[265]= in "BSS " command output) * P2P - filter control characters in group client device names to be consistent with other P2P peer cases - support VHT 80+80 MHz and 160 MHz - indicate group completion in P2P Client role after data association instead of already after the WPS provisioning step - improve group-join operation to use SSID, if known, to filter BSS entries - added optional ssid= argument to P2P_CONNECT for join case - added P2P_GROUP_MEMBER command to fetch client interface address * P2PS - fix follow-on PD Response behavior - fix PD Response generation for unknown peer - fix persistent group reporting - add channel policy to PD Request - add group SSID to the P2PS-PROV-DONE event - allow "P2P_CONNECT p2ps" to be used without specifying the default PIN * BoringSSL - support for OCSP stapling - support building of h20-osu-client * D-Bus - add ExpectDisconnect() - add global config parameters as properties - add SaveConfig() - add VendorElemAdd(), VendorElemGet(), VendorElemRem() * fixed Suite B 192-bit AKM to use proper PMK length (note: this makes old releases incompatible with the fixed behavior) * improved PMF behavior for cases where the AP and STA has different configuration by not trying to connect in some corner cases where the connection cannot succeed * added option to reopen debug log (e.g., to rotate the file) upon receipt of SIGHUP signal * EAP-pwd: added support for Brainpool Elliptic Curves (with OpenSSL 1.0.2 and newer) * fixed EAPOL reauthentication after FT protocol run * fixed FTIE generation for 4-way handshake after FT protocol run * extended INTERFACE_ADD command to allow certain type (sta/ap) interface to be created * fixed and improved various FST operations * added 80+80 MHz and 160 MHz VHT support for IBSS/mesh * fixed SIGNAL_POLL in IBSS and mesh cases * added an option to abort an ongoing scan (used to speed up connection and can also be done with the new ABORT_SCAN command) * TLS client - do not verify CA certificates when ca_cert is not specified - support validating server certificate hash - support SHA384 and SHA512 hashes - add signature_algorithms extension into ClientHello - support TLS v1.2 signature algorithm with SHA384 and SHA512 - support server certificate probing - allow specific TLS versions to be disabled with phase2 parameter - support extKeyUsage - support PKCS #5 v2.0 PBES2 - support PKCS #5 with PKCS #12 style key decryption - minimal support for PKCS #12 - support OCSP stapling (including ocsp_multi) * OpenSSL - support OpenSSL 1.1 API changes - drop support for OpenSSL 0.9.8 - drop support for OpenSSL 1.0.0 * added support for multiple schedule scan plans (sched_scan_plans) * added support for external server certificate chain validation (tls_ext_cert_check=1 in the network profile phase1 parameter) * made phase2 parser more strict about correct use of auth= and autheap= values * improved GAS offchannel operations with comeback request * added SIGNAL_MONITOR command to request signal strength monitoring events * added command for retrieving HS 2.0 icons with in-memory storage (REQ_HS20_ICON, GET_HS20_ICON, DEL_HS20_ICON commands and RX-HS20-ICON event) * enabled ACS support for AP mode operations with wpa_supplicant * EAP-PEAP: fixed interoperability issue with Windows 2012r2 server ("Invalid Compound_MAC in cryptobinding TLV") * EAP-TTLS: fixed success after fragmented final Phase 2 message * VHT: added interoperability workaround for 80+80 and 160 MHz channels * WNM: workaround for broken AP operating class behavior * added kqueue(2) support for eloop (CONFIG_ELOOP_KQUEUE) * nl80211: - add support for full station state operations - do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled - add NL80211_ATTR_PREV_BSSID with Connect command - fix IEEE 802.1X/WEP EAP reauthentication and rekeying to use unencrypted EAPOL frames * added initial MBO support; number of extensions to WNM BSS Transition Management * added support for PBSS/PCP and P2P on 60 GHz * Interworking: add credential realm to EAP-TLS identity * fixed EAPOL-Key Request Secure bit to be 1 if PTK is set * HS 2.0: add support for configuring frame filters * added POLL_STA command to check connectivity in AP mode * added initial functionality for location related operations * started to ignore pmf=1/2 parameter for non-RSN networks * added wps_disabled=1 network profile parameter to allow AP mode to be started without enabling WPS * wpa_cli: added action script support for AP-ENABLED and AP-DISABLED events * improved Public Action frame addressing - add gas_address3 configuration parameter to control Address 3 behavior * number of small fixes - wpa_supplicant-dump-certificate-as-PEM-in-debug-mode.diff: dump x509 certificates from remote radius server in debug mode in WPA-EAP.- Remove support for <12.3 as we are unresolvable there anyway - Use qt5 on 13.2 if someone pulls this package in - Convert to pkgconfig dependencies over the devel pkgs - Use the %qmake5 macro to build the qt5 gui- add After=dbus.service to prevent too early shutdown (bnc#963652)- Revert CONFIG_ELOOP_EPOLL=y, it is broken in combination with CONFIG_DBUS=yes.- spec: Compile the GUI against QT5 in 13.2 and later.- Previous update did not include version 2.5 tarball or changed the version number in spec, only the changelog and removed patches. - config: set CONFIG_NO_RANDOM_POOL=y, we have a reliable· random number generator by using /dev/urandom, no need to keep an internal random number pool which draws entropy from /dev/random. - config: prefer using epoll(7) instead of select(2) by setting CONFIG_ELOOP_EPOLL=y - wpa_supplicant-getrandom.patch: Prefer to use the getrandom(2) system call to collect entropy. if it is not present disable buffering when reading /dev/urandom, otherwise each os_get_random() call will request BUFSIZ of entropy instead of the few needed bytes.- add aliases for both provided dbus names to avoid systemd stopping the service when switching runlevels (boo#966535)- removed obsolete security patches: * 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch * 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch * 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch * 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch * wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch * 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch * 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch * 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch * 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch - Update to upstream release 2.5 * fixed P2P validation of SSID element length before copying it [http://w1.fi/security/2015-1/] (CVE-2015-1863) * fixed WPS UPnP vulnerability with HTTP chunked transfer encoding [http://w1.fi/security/2015-2/] (CVE-2015-4141) * fixed WMM Action frame parser (AP mode) [http://w1.fi/security/2015-3/] (CVE-2015-4142) * fixed EAP-pwd peer missing payload length validation [http://w1.fi/security/2015-4/] (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146) * fixed validation of WPS and P2P NFC NDEF record payload length [http://w1.fi/security/2015-5/] (CVE-2015-8041) * nl80211: - added VHT configuration for IBSS - fixed vendor command handling to check OUI properly - allow driver-based roaming to change ESS * added AVG_BEACON_RSSI to SIGNAL_POLL output * wpa_cli: added tab completion for number of commands * removed unmaintained and not yet completed SChannel/CryptoAPI support * modified Extended Capabilities element use in Probe Request frames to include all cases if any of the values are non-zero * added support for dynamically creating/removing a virtual interface with interface_add/interface_remove * added support for hashed password (NtHash) in EAP-pwd peer * added support for memory-only PSK/passphrase (mem_only_psk=1 and CTRL-REQ/RSP-PSK_PASSPHRASE) * P2P - optimize scan frequencies list when re-joining a persistent group - fixed number of sequences with nl80211 P2P Device interface - added operating class 125 for P2P use cases (this allows 5 GHz channels 161 and 169 to be used if they are enabled in the current regulatory domain) - number of fixes to P2PS functionality - do not allow 40 MHz co-ex PRI/SEC switch to force MCC - extended support for preferred channel listing * D-Bus: - fixed WPS property of fi.w1.wpa_supplicant1.BSS interface - fixed PresenceRequest to use group interface - added new signals: FindStopped, WPS pbc-overlap, GroupFormationFailure, WPS timeout, InvitationReceived - added new methods: WPS Cancel, P2P Cancel, Reconnect, RemoveClient - added manufacturer info * added EAP-EKE peer support for deriving Session-Id * added wps_priority configuration parameter to set the default priority for all network profiles added by WPS * added support to request a scan with specific SSIDs with the SCAN command (optional "ssid " arguments) * removed support for WEP40/WEP104 as a group cipher with WPA/WPA2 * fixed SAE group selection in an error case * modified SAE routines to be more robust and PWE generation to be stronger against timing attacks * added support for Brainpool Elliptic Curves with SAE * added support for CCMP-256 and GCMP-256 as group ciphers with FT * fixed BSS selection based on estimated throughput * added option to disable TLSv1.0 with OpenSSL (phase1="tls_disable_tlsv1_0=1") * added Fast Session Transfer (FST) module * fixed OpenSSL PKCS#12 extra certificate handling * fixed key derivation for Suite B 192-bit AKM (this breaks compatibility with the earlier version) * added RSN IE to Mesh Peering Open/Confirm frames * number of small fixes- added patch for bnc#930077 CVE-2015-4141 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch - added patch for bnc#930078 CVE-2015-4142 0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch - added patches for bnc#930079 CVE-2015-4143 0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch 0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch 0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch 0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch 0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch- Add wpa_s-D-Bus-Fix-operations-when-P2P-management-interface-is-used.patch Fix Segmentation fault in wpa_supplicant. Patch taken from upstream master git (arch#44740).- 0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch Fix CVE-2015-1863, memcpy overflow. - wpa_supplicant-alloc_size.patch: annotate two wrappers with attribute alloc_size, which may help warning us of bugs such as the above.- Delete wpa_priv and eapol_test man pages, these are disabled in config - Move wpa_gui man page to gui package- Update to 2.4 * allow OpenSSL cipher configuration to be set for internal EAP server (openssl_ciphers parameter) * fixed number of small issues based on hwsim test case failures and static analyzer reports * P2P: - add new=<0/1> flag to P2P-DEVICE-FOUND events - add passive channels in invitation response from P2P Client - enable nl80211 P2P_DEVICE support by default - fix regresssion in disallow_freq preventing search on social channels - fix regressions in P2P SD query processing - try to re-invite with social operating channel if no common channels in invitation - allow cross connection on parent interface (this fixes number of use cases with nl80211) - add support for P2P services (P2PS) - add p2p_go_ctwindow configuration parameter to allow GO CTWindow to be configured * increase postponing of EAPOL-Start by one second with AP/GO that supports WPS 2.0 (this makes it less likely to trigger extra roundtrip of identity frames) * add support for PMKSA caching with SAE * add support for control mesh BSS (IEEE 802.11s) operations * fixed number of issues with D-Bus P2P commands * fixed regression in ap_scan=2 special case for WPS * fixed macsec_validate configuration * add a workaround for incorrectly behaving APs that try to use EAPOL-Key descriptor version 3 when the station supports PMF even if PMF is not enabled on the AP * allow TLS v1.1 and v1.2 to be negotiated by default; previous behavior of disabling these can be configured to work around issues with broken servers with phase1="tls_disable_tlsv1_1=1 tls_disable_tlsv1_2=1" * add support for Suite B (128-bit and 192-bit level) key management and cipher suites * add WMM-AC support (WMM_AC_ADDTS/WMM_AC_DELTS) * improved BSS Transition Management processing * add support for neighbor report * add support for link measurement * fixed expiration of BSS entry with all-zeros BSSID * add optional LAST_ID=x argument to LIST_NETWORK to allow all configured networks to be listed even with huge number of network profiles * add support for EAP Re-Authentication Protocol (ERP) * fixed EAP-IKEv2 fragmentation reassembly * improved PKCS#11 configuration for OpenSSL * set stdout to be line-buffered * add TDLS channel switch configuration * add support for MAC address randomization in scans with nl80211 * enable HT for IBSS if supported by the driver * add BSSID black and white lists (bssid_blacklist, bssid_whitelist) * add support for domain_suffix_match with GnuTLS * add OCSP stapling client support with GnuTLS * include peer certificate in EAP events even without a separate probe operation; old behavior can be restored with cert_in_cb=0 * add peer ceritficate alt subject name to EAP events (CTRL-EVENT-EAP-PEER-ALT) * add domain_match network profile parameter (similar to domain_suffix_match, but full match is required) * enable AP/GO mode HT Tx STBC automatically based on driver support * add ANQP-QUERY-DONE event to provide information on ANQP parsing status * allow passive scanning to be forced with passive_scan=1 * add a workaround for Linux packet socket behavior when interface is in bridge * increase 5 GHz band preference in BSS selection (estimate SNR, if info not available from driver; estimate maximum throughput based on common HT/VHT/specific TX rate support) * add INTERWORKING_ADD_NETWORK ctrl_iface command; this can be used to implement Interworking network selection behavior in upper layers software components * add optional reassoc_same_bss_optim=1 (disabled by default) optimization to avoid unnecessary Authentication frame exchange * extend TDLS frame padding workaround to cover all packets * allow wpa_supplicant to recover nl80211 functionality if the cfg80211 module gets removed and reloaded without restarting wpa_supplicant * allow hostapd DFS implementation to be used in wpa_supplicant AP mode- Update to 2.3 * fixed number of minor issues identified in static analyzer warnings * fixed wfd_dev_info to be more careful and not read beyond the buffer when parsing invalid information for P2P-DEVICE-FOUND * extended P2P and GAS query operations to support drivers that have maximum remain-on-channel time below 1000 ms (500 ms is the current minimum supported value) * added p2p_search_delay parameter to make the default p2p_find delay configurable * improved P2P operating channel selection for various multi-channel concurrency cases * fixed some TDLS failure cases to clean up driver state * fixed dynamic interface addition cases with nl80211 to avoid adding ifindex values to incorrect interface to skip foreign interface events properly * added TDLS workaround for some APs that may add extra data to the end of a short frame * fixed EAP-AKA' message parser with multiple AT_KDF attributes * added configuration option (p2p_passphrase_len) to allow longer passphrases to be generated for P2P groups * fixed IBSS channel configuration in some corner cases * improved HT/VHT/QoS parameter setup for TDLS * modified D-Bus interface for P2P peers/groups * started to use constant time comparison for various password and hash values to reduce possibility of any externally measurable timing differences * extended explicit clearing of freed memory and expired keys to avoid keeping private data in memory longer than necessary * added optional scan_id parameter to the SCAN command to allow manual scan requests for active scans for specific configured SSIDs * fixed CTRL-EVENT-REGDOM-CHANGE event init parameter value * added option to set Hotspot 2.0 Rel 2 update_identifier in network configuration to support external configuration * modified Android PNO functionality to send Probe Request frames only for hidden SSIDs (based on scan_ssid=1) * added generic mechanism for adding vendor elements into frames at runtime (VENDOR_ELEM_ADD, VENDOR_ELEM_GET, VENDOR_ELEM_REMOVE) * added fields to show unrecognized vendor elements in P2P_PEER * removed EAP-TTLS/MSCHAPv2 interoperability workaround so that MS-CHAP2-Success is required to be present regardless of eap_workaround configuration * modified EAP fast session resumption to allow results to be used only with the same network block that generated them * extended freq_list configuration to apply for sched_scan as well as normal scan * modified WPS to merge mixed-WPA/WPA2 credentials from a single session * fixed nl80211/RTM_DELLINK processing when a P2P GO interface is removed from a bridge * fixed number of small P2P issues to make negotiations more robust in corner cases * added experimental support for using temporary, random local MAC address (mac_addr and preassoc_mac_addr parameters); this is disabled by default (i.e., previous behavior of using permanent address is maintained if configuration is not changed) * added D-Bus interface for setting/clearing WFD IEs * fixed TDLS AID configuration for VHT * modified -m configuration file to be used only for the P2P non-netdev management device and do not load this for the default station interface or load the station interface configuration for the P2P management interface * fixed external MAC address changes while wpa_supplicant is running * started to enable HT (if supported by the driver) for IBSS * fixed wpa_cli action script execution to use more robust mechanism (CVE-2014-3686)h02-armsrv1 17267463352.10-150600.7.3.12.10-150600.7.3.1wpa_guiwpa_gui.8.gz/usr/sbin//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:35766/SUSE_SLE-15-SP6_Update/1481ab215a0b1830ea80ceb6538f4766-wpa_supplicant.SUSE_SLE-15-SP6_Updatedrpmxz5aarch64-suse-linuxELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=16b099ec7acbe82d8d20ab702f005903908fd91c, for GNU/Linux 3.7.0, strippedtroff or preprocessor input, ASCII text (gzip compressed data, max compression, from Unix)RR RR R R RRRRRRRRRR RRe rutf-81d05bd42a3d7022360e39a920c38f107273d85758274f55dd9cd0c88b6ebe5c6? 7zXZ !t/]"k%{m{#rD~d tGJf͚P 1?+g$ihJ#MǾG-7ɔS{@Џ9|+޼DJc- lc(,|ɁZ+̪熫}R; Du&_rx)ͩ "-ƺ ydl,:m7$.QwigW$~5:#W9-!*Qzne:oȠ&h×) eeΎL?+-AݍusVƁ 2zqL!X9Z2-X^ 9nX08tFeһM*L7$1Rޙ36P_웶)҄/O-(2, f cwJ340eXjj疇EKLd Z- &&B@_5_G2.v|`Wd8zs ^Vye&Xo|tHIzF ͩf~oZ ك}?cnj.Te X<:vT3TcM%e =y.YJ- f58?7LzzgD;/Q|>֡T*6vgV{x(ge=%ѐv6~uf j!'_*nY;k{ј[ *pt#_Cÿh Gnkÿp&[=\?&kYt;J.y$upxⵝs]{ifM ׭D}s!+w Q[LmN]v|(Y[Ldbyj';[_4V`(B/Z\rpuW-tWSsfEcK&'tr'm_k;([T4Y}Bx} Fq;_ޑzEl~<0ԏjLtL߁JfSHΑq,B= swR61{WMc:$@ $B*q`kYITDP $FFtGw*% R}gt^DYUeOdYEm ~¤ض}~ڹ1к3ȈRzA'lɣlTlk{82b_HL,ޕ4AΎZa MtH"{}1a~ m^ԃ&h!6WG^_å|l)+7!>O~%MN"雳gjF$bO )ePb2ΧNūΒfwaO#HgN[)jT#pRT8[22ZWSs_(4|ĵ8(;n zҟ wyrL)2I##h>_ NgG$N,X֤[~(G_IiAɊTXY'T?Z6?&pa\Zb0`;AD[l`Ý 9LB;PBϐ\݀%?7+ 3Z$fG9'C~u;iW_q'a㶍c9K犪f7CJ4ylf; cח a惄xR#:3'.5HS}R)J}E ?XVo̚.S# x`dF.*f{t~Q uJu!fh":RH;,KJn_lR\Y9]i~"tqd.\K4'+ĖRfI7y[ &ODh ?Q]TCX/GpYCg}fWjiйSR V5VK".J p(67z Q*7Ϯ-Щ78V50,8n\h]Ƕ.QMG!d^ o{% s3kcsv@Zd"LsڊrWzG] ;*OcWrR#0^lb+ '$b0w]R3`MWg۸MǯA~}\P2('R*-PiHwWN\]U|OZ pyQxJ./ ެNwܭǯo?IƼB@aԋkLϹ*ŽǢzqEu*ci*>/.Hd[/Fx $[#3aE(R9;AE;Ԙ\,1C0eTX"ovtoײI{LFg~?[Q b[C1KC?)z_bJ㳤II;I g)KmWK=hcW{`MN4㞷7%.Az%~LVc:EOć{[tR2;8HdJ"] g*^3dt.#Qr YC5aF *F([lbGLƒߧ9^48"9ٹd#asZdVj7a#BLI4H 6O#/_㙵~y>ޜ;A9GՔ- x]Bivv9LruVi(!g⛴OX|Y֭~/bΊ-Xc@a42qkSN* ]9cBq%4J+x#Z!(D\EySN_s-z|Y4w pwc/ĉ5욙$NЖ,9>jA:G%wZS!R&9FT!y9' Ĕ h]2"KQtĕ/ `R|MEj9ȱcRO8wpaQ{;eK@|ڜImζI6T-VðݝqGL]9aIҥl :JH!6:Qkد &hXMƾAU՗~-Ҧ"Wdt>kuUؤ{S4?5[J'K&,V' H՘ Trw_fǠ2|abe,4C(s;P7N$S6X EQ.O OJi?f3=Dz7|.l5JPrIҘVeuh^ >zh(ٞXV3$H6UٶRج:YK) @pCqaBo:!u+{3hH88eJ |eiUI^= ۋ!?!zv"nh;ť5HA4ZVSX/c7_yt5/8Zn 9'iƦā,؁XG.8~|m)ŝ B6^E8!Q~/27 C~$l7  5p>YMƷav.~ccy]O4|4FLMgY+âJ&0M/C~LWU61rvuy72k:v(|/+%'Gt'4?UԾaI ,&N VČ P?lKIH0S$t$C麗ĖyqI_!=2}rPdoϣdD~y V&j:MC2!P1zvY n޽)7HL%$NzxJVE'YK|G³!%=)rGt?S]u-7{9pYoPWl xhG_S-2٤fP4^3*Lo?YR#`S2{S,qߢLo3}#(槔 I0jbլ:e4[ńCxyN2 sw-~'IXgq]q*WV>a:"FLD1ur2+EdI[gQSYAC%Zu(9\ ?87BGKҦ:Xww$dgs^9AF\P-L@3^ q@a4a ew;?}EPIN2]T݃֋8߾ {/?9ߥ!9g-tCUF6p.:W÷RcKqGT,`?J^񪐹r֚t0XQݍ;bDzĚnBF[zW1s!+0c*v0Pv]a B2d!':5x3'Z `ـRV02*=pof>+(VqOp &chN:=#sGlaM+]tot,ƕ K<815 ^Rur>+sE@:MH!LI۝ƞwaF*ݕx h5pE߿O+" ݱvY'i$ Q@o2Ѓj}څɉ>=lͮLş57LM)mH{4&T%c>w#x BɺR-V,e"ޥ Q N)wnCMU+UHC:j+B @o[`A]͛=CiNH.m K:sd+E.ȋXT)I]/a#'5Pe77QOsG\KI\S>Wi0;zi:xTX7UfI '.t:P(=d(arr>OQn$HPyeQR!ȁ]P0Y%TC!~?ih-ͤ:Gwxߌj{-Q7r4e~;[96E 8H bGO3kĒzsȢv@ns? =[_iq󇯸l@l-\e[ĘމS51}q7o!vĻc8Zy헖+w]S8kf1$qv3ۻ2Y͓X;d |ӃJ:!t#78|SaĔx=V)G$O-W3riW&ŢA!YM\(\Lk}_CM'nhеfۣ*o&c eGEPȢ-`+;`Mםg<ܠ` ֜n s?>e#SH3H•BТcA^^Fz)v&I4&4PFɒ dl.c`崌$RwB?Txzr?_v5ɍ>$QLnv'3t@ɦ!Hf QYT?m^7n!.{x;Zm&= ~DF ,D̊!]Jᐧ).&F)7 ,_) >e':ڼy^sy/Ycsˣd#RyI\|Yx4{q!CvXpqF}4n%YԐjw71eo FV% Q48q.pɉ=UULA,bʫ@5UeX枭.!9[2VDSHP B$fq{,?\8ѷ C ل5$P`8m. nn.՞̀ny PEd^6D[?#S<^>`16~`қAqYx" &0!6ަH$etmaF#9Kۍ>X#|k%P*\זe e}1gҜD.a]2 c:#P d[* b(*iOa\ !CO>iYBPsu-sYzhW" +1Kt=|O?Ҋ]2祾%cĕq`MB \&&/N1)@B:>Ț4y"EX]_s+I45Nx>ޔSkѰs2Rrg/ƿmB`|:Yn<,XK\\5%c{V'g]֬O:êTj-n@э` 'C?rwXx/Ap8Lnx5Ʀ|=]Qd`;: J!Ȯ.TKAm`mYLC%y&;^$c+95T0ŴnJ;3)׉sy_T)fǚ9/+eE}눭"x&A `sūP.,|wtUZA혲MoUx 0`) ߅еH 5ǗQg3- )%(\  P0S^8ac+|̐b3Jstt2"WNUY&?1Y=ȿ,z{۠aoiҸA^5e%2V6RKVW.$BXh\}p~fwE5PRu'MmLz(tX y /66|\ 7ev\ع{9w%d#A e L@]Mx̚Pg8DXUe})m bN0)P Q"{aqZb9`zd&ԛ34?lM^#E$YٍRiiJCZ+irE tl;Q)۾(-ĔG?>Ԟ3B[ɬ \c;'-akR""m`0[glEʽgԶ1 I 8PK {d].Z^4r-%ҠS#爞@"z|u23 g˯|}ZDG &n9̪xL> 1#XkW!ljB(tF/)}=ZY`ZD`3)_bn `8]܆x*QΏZ=)DvHтXu׋kRJXc@yu6~0m1^B݉L@.9:CN;iPH~9 3a:*4*qpi'R@@ۤOB" G%u2nrS;ƍޜy֘TfKyւ}k DpM oUŵi!|Ty|{ 9߿N 5s^R#N^QۉPlgoBsviW ֈ(N  DyDU&UHOaDM Tfyy/FGz?"0n 'FzҊ@_/\l[t>7Y.,X!p.mL X {NBS"vopdN=0. {/ η!5xNkEt~C$ySzW4!;¢Zen͇Mբs?Xm<n"p !?4g:&&J&29vA{C/xpBHuf?]Oj~L5+"jȄ%$w&K݇ʱmGm 52jݟnY.aщ6cD$l\(~Vh*M/dT96!UA>1Z5,sZ}h⡴̕Img|_ڇs7jF[)=Hm܈EaH|p jp T_g@|G$:\iP٭X co  rvVvU1zt h*V ) ӓ^<~¬ƭe:E?$}GٸZ˴yL}}HDbDy#Xpt¶7y^{ ]ͅ cDxv櫴LnND !)΍3kq553ql&'́[ }u՝ź`G׋-lZSvBıGmK݂_o`T/W!C46[tJoCbrF: 4%`$8.{E)y|)p1KPT#'~xLgrp` :Oҙ}5^9AA} tZ Uu9eF"pPP(j,*%< c8@-pE͟PU25xyos i;IZl Feqp/%HoG(^gN^&1iNb4 C ȞF] #ne XM |_YzUAb4/ ͍YKC__< ]=K`_&Sē2c5nw: fnh7{ؙc2bۖn (I4qǾ$V+0힄r}ϮF]krXct*gQ_a7Ow"bŞ ;QDxo$m5*]/:3,À;7/~QCAVFba 9ҭxE (d{ք1cŘd9I(j9aN)N[=rhGвL9Βu<57myeYhh#͍6w#>:#v[k,!fQ^ RljlU#[/PBۆ xҀFa:Su'O,ryhZ[ѽl=^-0z-1lI| 1x T/3SR=F=*GWy5GP^ paC4 _<&GxI( 1;<&4#^5VZ``ǣ)?)G\i7dqFf̒ ѽ/AJvt'r͢?KJ^Fs( M'Z*Od8 [e|u+J¨z矷xYU23='k8$?^LY cMVbY-zR:jҼשdlz -'GϠ#^ j}b_[n&N-mHtt Y3wΩE Y8xe: #)td!;#]JFcd gK<PƝ8IE#T$R,6ݞ-MGXgquk[>jQ4[ O.Or:}*?kDHgoa+egmhLjhmQ^b.CZn FznBZ2șPFj֞R"ۥKՒ /c' PꡗA $eq's= |:^! tsQX2N8O^<S`勗CyG+/)-V)5뜽>:}R ٍF\?vEc=}duֽl-;xFN/M2VaZ`{bd5XlH #KZyupt&ko5\;oR@zPzv_q9U(CƐfv>' L(x`ci?U 'U1Q4`ŋrmX џvԟK]|e5KC!a㒊02eݸz̓#)2 5@"SS٫ x.lRC";> 4?h+W+}}xQXDTOx| ήNߑסJG+f:SNZ% *w:a o$5m+]n6mAȪFߠ$}e^a!mCd,ġx40m[2îWENA%*E7Τ90u?pLl KՓ/m{7i}ONd:4Y.;$rgǦ| 9)&HA:Q9Kt9W,RP6B8rPgEsD!9q[>70 ;n?[\:eONZoݢR >VI3JoG)"ǿ/]TB^ՅcAsZJ,.!}9Y+96"iǤH)uDrVl8pM;PWl)pS.޴ۼ|%XpdcIzr+F`H!0`ξ% _W_Le;4a]$$$dW!d [ΞLa9u:8&Hoy$|ج!l;=)@]H@H]R=o7M?ݐ\g>;iW;iKou6]&L.(E~lB&/ >n]66W%NAdy37W#y*M8T1JvR3hyTwfUth:Wze2*;cEi뙌J Xd֌vUmF5N Kh@oo?;i:quЭ}b~aP60geGbȪ|&JCdR ]N_5@,מ {~oUibE|RV SB’| HqA bVUPQ8FfIT\ZP.*Ҳ0Ϋ ĘL?iGh2G C`VN~՝2\*0goXyb;J5,? 3D㔺UI4.ٲRJ }Hwёp<"E:/Mn V|ung/&27hhLp=/+1ZLÚ!xz se(VQrtڵm!-ptAnN(վ)ɖX9IB-%Ș6eIAjg:>=Dڃ.~H?G!>^)ŜNVb'F)گ]}BluhK- _{I#Ce=iJ5iqY)DqtM%`}˕A%q*kuv(>SuC2TShW H~^TƸvZC|$%mJ;tVJ3Ʃs?95 h`0 ~w5*&q^r!aY=hoS|Ĕ#/8\moݛy'ߖD˷t> FY1y"}Vtnms}JGUի57#k?: Khj / )XK9Oĭ*5"#azK{+:< i1φI| nߧbEC8_"2Ldz#&NN+?Gv+;(;zNw8̍y1k5ѝěgb4R8Xvk[Qv|oue7[u|"p_syZ%-IRp9&!_NxycLt%#E v.+IZur^x>&vG 4Jn@o͹.7`BJr VILTÓHK  o?fYG*a?վ.6s9Er do d'~gkGK)ԧ6duTi p zJ>F&|فȿjw{u ﮆMHnI6&`kvtZ V T<#XUIY] R'?$ƈ(7a7k*SVR+3Ș89#RnV4+bK}8E˳ $Ȃ"'Ȫ lbά [iu2OBK!:nW]8XV1^ll"z?]:L٣"Lr" Ma~]wZ,c墮g[g Kp-W*1V!:z֩=\INIU-k(Iv,fy_)0y!xpZKn423*Ǎ-~'Iӹ-ҬIm"[b~$9\ TOe^b|EF;iiQ<< T'ɶ?Q3&DZ T9DzFwm'߻E:Pd`L9LU: >h8|g*DdB[\l^R/q˃w#[Nۗ>̉JLsߋ/TgwX4lw;yH}?Rno*=6p(+x?]O.eWލD6IUlDRTz=nɤu{g铼o]UW9bLV՗vLx! ĦE.<L-ۦQx(~4SgE Ů6>袶eٜq/l)YorDUy~SWHOkђȳri`E 1(*5f,?c=Ӈ6O^RlzͶ,f"C# <l׷pvzWN*h.>7Y>co /G][f &ۂV%@ XTIҁb.-q KgKL^ZZG4Wԑ[*i7LWm.Na:ն8Q]3b$l648m-rE3ӛϸ]N=l`Las8)72go߆,9$g 2 {(kT%>Bs i`MI(3B6=6E\C07U`NHb)emm7zKzPBe[Y5V-v:O&7VG mBsRjAXAj?Qf E7H^._΁_ؐ"{׎_Ȣb4 ,a䚻ۣ㥚1&$.ټ(,6|?oDub*t]deK($ҹŰNȓ#+8އ'in6RyUi4վ 'pRb"ln(M y+Aܢa9cEHR ͟TicN6nY_V'S ^5N t;3UsM`/  W$ ֕Qٱ@L6SC!/wؔ2;D܌|`^jerˋĊ*COrHWbLCwMlZ% \?`C\mdF2Cmu?Ϟ^2ԟVK!bUow[,))-.ibg DkdAG( W["eu-n"@eid5@= WїGOܰhle/YtZ\sVףػHnb\, ]ٱ<^jR؈/u~%P0\U4+N|BamG0aX}X*η}>N[ʓ*0tiǤtk(%6au-zD3qi=OԳr X5YwIJ(+|Fr>d 2iv_s;7b#jr*1GGQpB즟 ! z(VVOռX>3acmרx1aB;*0>,zԼ)sòϓd"(~~|*7ףEGPz1:Ѕ/qPC\ŕ@ȁ'bwG[ d$Ͻ'D:^5J7gi$IEhb`UE72IGl1F1Xii\Y3>POU q9v1;T\mD_4k̷dKplsСô`c;sc8_)F+f5꤫рX Z.";dZAe0[$vM"Ҍyi ҙW_fJ&]|_POȆUuH^pyUB੺faajǟ6){Ck^X[zfA$ `v#'u4>/&b9W Q= y0d @|/@OӪ )J妵ID,&=n-(\2 Թ Vpc%B,=,4}`.YIISFSuE]Eۼ-n,f=N p_ 4VKRKo"4M5/]ObD|F^Paq`yt)H t>j߆qDM* ꗍP0 C =u+a:$?\qj[< a<˻)JW"~C˙X#s@H(ˌp7Z1^ H2M;*P/km,!39rWۥ*S5٪`{ ^O9NGNfjY핓X'M_'G*#4bPYV 1($Wҝ4sy3L'yiLOW\? Jcl"\ 9s=_U) D]%*6#Hŀ&^ߑ e^aE3蟧Btϙ%FXmcݖi26]UՏ%HW%1$l2Dik.,\,mfۚ(oȋh:ShKȧ)6E3PY} ,["$v&f]pvH3 hDK7qEJQs$`ĨHlI"o✊yo_Aw=Tva8ܴ;Apׯ'列pT=)R]IxAqxm쒎HjXb՜uRȉ=Y-@.5Z,g3} U<~L`Ċ2Z>ha8f#2eͮ$K3QgƋ i5JvL*F~@ǜLQ 受ϴL[_aL~'=Byʣp{/Q3v3>^թBm!oܺ+XTQ:PϼL/Z <_fof[fXd/ֵp_;[8?Bx4GIv{ wΟ7T˳XFۆq8[O<+JNg)leĺwpoYʧ~\eI:EL}QDLwf9ے1[ p&-a(f`Ys `MlĒPG9]ͱ;㢏OSʴitSMmo8,J5=4yW1c rۧ, 1bRNȭ-$ lr5r:\.=4)#Jy7P+9YokL~Y%z5.$L8 q_[ 8d˖B9= 5SPڬ, }gX]$N}SnY65?K&Sjԧ?|nwM7# {=0l]AL#BżMzzD^fqâیٝ?)?dGxT ;q o#wyI$6|[TقvZ|J. ROIBAiNWRrٻuE(Q'"jc9UZaSD,A|nD!t܏HBm 9v/iicym$bjb" ~QLx;()tGieui5LY頋x˜V֔P~c8NF9?d``[ rD'm\"be!{w4rI4e7R|Ȫ0lwW 7xuK Pņkـ2S!M% sj}̔\|y*nYsL}㡉:hyUT%{c),#=R+M1;{4Iz]!?OcPsT̡F}I# : ,^=nk?Hbk| ]' ӾŧhSJbE #ϫLdń6&4;qRȰkk]DŽMJx?-Rj>|4 EA;}sr#k_`HJ-=:f}>qb)eh]ݣ[$魊O3gXNz;PV[3JQEMZv*pv q␪И7fOą1pДG$k/]+gO` P|׻,>`W-sR'G{f\boBū*<\7X{\VWX`+*sPa*Kől'vZ똎eMLsކ?i63777c? 6*2QJ+P;: Xm»<e04ցhֳ"SjÜ/Z2`$#DR7- $,xé_{C|S \dQU#}St+#܈ ճVe.* Vo9XbLqb}IãBץƂ*N. eJ/}mN1ʘ\GFnj;zWT2wD ();?2*)~z&4em(h6ZEj9QwF=%li 3uf`?{=v$;X&l>Tn-dv? dTmM`zѐMKG:3A='WV_Ȩd]UV#!l3&16AzRZ!i}Y30枹5lƁ91H?#GլByfyc%aۻ݀)XIOIT# ېopy;J@0A̵MB;$bAtʞTgEkjzs#OЂl_[D?HZ@2\ziܝ :~[/!⟵-pz)Feryk6j.u14oQDݱj2[',7z"s}_DP17v<$$O-uMv0_ h.MJ@B4̕+A|cIG!t< șxCQA|.(s.?MKgNg}VBl K_򌎰m{z:6vgsei͝-#[+ޟ)fX5g/p+;d`+ajSWv>j yV~;nlL@᝱o>(}{~'oF(EA2Rzgn|Bd{A߸;}ko ]ܮvb? Ys{AѬM$"+Ym_nNfD%R#$p] έ/ɣ8+7;!ȦJ11U}Ҧcꟹ \:KH2qB-6~O-tOwGJӝB| e=/ fh{ʽ) T&j TT)oz(mSjV ue4 Ԛٰ)#G}+l~+ھqh:崑%#I2u)'ȓő%%4N3֡ZlH6L-\)[M(b$4/*Py~~ldUn1=^"jS#P|Ẅ"=^ʁ?1 X<*6jFj}<Mz{b@`b}7Gt&DV<@V%Ty Юo@wԃygmÓM<<>zR 7}'oC`8r.k\i $u$u?( D1GȡLq^n#pl@tn~דpRS5ҵfWۼWР؆8s-V3$cZps7/^J `[L-P0pSbi%u+WJZ ƕ:hȿ(hĉTkM1G<ߑ+3MWcMjc¨ݵ3Tv2͆cCF蕥{k Boѿ<@}uׅ㥤oQ5NSUl7gN;& s4>VQGQsؗZ5JY.c8iVȕlh7WdzVuGUexlmTvZ&nG->=(*sGQfo?fl>ݴ w 5B((vQ6~ޗjYZ'(1:g{6:ZKq]Aӭ  g >#śIlsYcZL|QA5v.s3& =]h X o o:$Q͵Ʀʈ9PTwEh֑{}]IQI;ݬ s6: xvFp"*agJg)xYKW|~my!]rǔ_$J߀\=~:E yoJzxSJQ&7\_kޢ۬A李kFk>k> 1P\HIljc:Y]I5lt3@DMj $g-H Y>bk2u{~>բ`ùKs>YR[2N(N3|BD!ߊ(mV:7_%5$'l7j 5܈BJZB&k eRO<57;Z 0A;>ZQ8ҔUpU1Ff 8|qr"[$f"CO1jo ,o29vcdq#/m`#~c\"SP2ʾlP9ֲ~!qv_/B,GPrYPˮII-._~wNTe>%A/gn'm\KPK)mA| ݍ4pjQfl>e +V&rC 83rK0DB +}s :6-ï>3VKYA!H )t@dc؋5HP>Z:RdQ E#$a6DbMiCWu\%g)mS1X(:y9 `#0űD΀J<*ɑZH<%m{hQ!2Q ^SAťtӱ}FnKDmz'7#1|1:GDѵ8A*=56.j>Oׁa2bC<04nc{Vnt>wG23 :48Ļ 3_{3Q&#MLz9\lkXb 9\- ;V*tHԼ~9<0#ډn>[\6 -QY\ omkL/a4z|Vr?&U; o__@]61<#K bhĿ4BDsAAI^sb,|p:|mip(yI0 -faY&q _c7au6D{@x~ϒ˾cGsr!,46ܦ4&g܆08* *>i;4PC;VK#\s$6Y]<sk0>xwm¶fzdak*DS@-dy+7 r?n#z ;qMt<`Ǿ 2 iTDʰ2G@ Gto(W R?T;x/nRN i~&*;'C~9,0_1O@ Az@ZS7Fq 7PqӋs ؿ%фXl/WxQq%ty9f*Ě3'!fa,e]!Ң'`ۂ‘\rg.N!K/VeV2ᙊ Y th g%\dD=<3X*|n[Ёur䪐DϓFZ",-'.Kc3H|$:Ӑt 4ϕ(Hai`]!boiɪEh (9:hb*);l[oL"[Ixފ޶!}2?Hj60s]mhԮvq'=aҿFw)"4.xʩG'LC)9:+tՓl;fT1 B|f*e-r[. M%Ggv~T({ ԆL-r WCl6(T?(ҾI*Q` i P/#$x,5<3{f-_ AZ+3;/CU}44P=ouz%]dȗF@3a6铑Sd<'1jlAn,[0+p&lk <WLhŧ33xb +9,eEaf1 7^ߌ=Z+Έ5y R/e;j{x%J^LNFA&Et\ rbDz:{6=8G"8 ) &<'Xaʺ/m1_=L_ND+O3V-ܐh7HؗS JVr}3o 8P\nw`Ǹm')v^DS'sX@q$*~%kv* uX=;<7` wЏ  =B@8yrޮILVjF'8Sm1:ōp'V['ɔ4w]9<$AHfuJc?sG~$s1Y~Yoou@"mLHYlq$s?C/ iÖ)ʟw=nWNbfOuAk@MyF`bjYgdEM} ۂ*&+X%:;kzL$dkPތtϝ/KfTݯf?%BGBԐ† _aIe/w\7Skm ̳ ')Hp{ |S|gѓrmwY(g. ZM/߀  ; H"\[2Km*<}z{+셊*4'..bn}^ìu 9MzIn8Pav3ZXLCc'af}j*)4hy@+vi\J!HOfJzØ8|&rA[N $ Ħ x @tRF$ ɚӓ׿J ^&pɤ!SWFD|-.y Flwq aIEXCpr-e:OZ?Py mIyTX`6.Ӣ@#mV>FKv$b`֜B?A] {4A%XBd$ΟʰL$ Dɻ0I,;OVh7s#E>[kylj 0=U\JϭU{W4P-Ayd_>atT-MO=2*YZ䜔؍aʠusZZOV1trS|] X)VK?5j_E=ꆫF%F*nB5c L Uox j-TZ r)>,,JqPHV90]'![x^[u9rVTZdY{ƗFM"2NK_s߄HEn; Ed-K~Μ62%nz4>j%%2 C,dF݁ڐ}{5> \psa}6kWVAk 꺗w ԐN"GJRm͋%Dj֐ixq9ۯݡ۔m1L2ީ'l=2vju}b6.u+ u!HG`&VDvu Sj*@gޱrhɈ8LOh/Y 4-VU~*6O-P6yP FDpWă>h]!?5!9OD}8bo[=1mBW 2b.`^KV'Q odF 94TgCpOʂw]&êCFK ށH$L/]}B߷ݙ~? +g3w)PtRd Jqn>w}hEzn9D$RֱA7'ttD!''3cZ6";dZOvG=E<"-?\ s#1ܭYHrzWR'z42xu2i^]_)@ md;n%1V9!'[kW1e"1K$) I37..2qL WFWNOQڶWu9Ge `%tWfTg.7MuP5kyla:, ^YUq d$Bk9z+:YO=Km8*Muv'o<5fdwFn’ OҖc[WʖsUNO6-V{`v'*t 7=aY B*;SGA)LaqH'p[ |cmح1U.4?f[CZ34,$>t34G_u$s|`nAZ?s4'E^ű #uT K* Qz+0c:J>K"=V793;RT[%k y_T G_{j/}V檦K(!E  Jt2=/E՟=&Xc2gR/*dV9`JCÜWeGU'=$u\mpeiK%Zy4CO wR Olע*n ykwkUwm,ޭ!{SSY_qzJ6 0 ^XE{/ ™{v!#8znbEtp*lk1Xj8 ?< v$]ЌKO!hv ꦄS3qD25=+z,1:Bչxr%pMyZl,.~wJftaĂZ$_-Q ~8򯂾t0Tm5%QK/ثB6}"1P1(_*qoe}/Z^aM)2+bc"jU;2q47RGEQ{AN5<sU>RU:L'K?o} iƽK+c51>I})ֻu:E) kS+`.'C{Bg}|v&5q q+u"lg kT3d8J1w{]é4/彜p9CC!_Vj5g*G-kA1oP1Rn b3A tdj(1zp[Q>Yb;W @3h|[#v6W8O~D%^2`d =+X}] ~,p缀8ZD8\ ق ,f6޲6i̢AErMՏY#lvDO XTj"'7Sr̴[0;# CLdG:vVg%bH/t`f,5,L "O'vrM+}2Zc  z`',x0zhisc7q j?f4gaHg?1>G]JA/!GoJ%(YzN$0=ዕY>9[dDJմWC.C&iϥRr4[D81#SKc|*^@@JVJ(+|9fh-X̼Hg\:'Xw^T'Ay>.TY /It9C݈r)ij],TtaPM ZtWm38 ڻEȁGȔiOH+ ]nSOY0eåh:)B-^,@Ӿ Z:j5_As+/|nht*2p|i}tIFvOC5[?i)Lda洷A|gGaI{@QO=~ xcs넎׳g txFSQk{΄eUvG4R8eVƚRT@A>GȂy}~tK|U(QF3~z_Y&S ' `ľvLLrWGm t.1RSh n]D 5>$#^k![<'y9,~wrY/P-BBN _@*@P|ԐkVG/y7{Õ&j]U+m5 <&2rR̔nfRt E QD$a2cp}o@+BxzւnYt*͹3״gfGSfwS3{G8ᑑ"̶N*3)s5" 'ҘbWu} 5g?,-G]F2ﺤ&gpS1;Kҵ}Ĵyy㗿k95M6}'W{RkKRAB}i>*b#ㅴ.N rp LOYL6ّŮ."y2~8~9/ t%$lṁֿyc.q[嗰c({WB)D[%4#P!HP5,AnJVHwǬ2WZ?n+$;$U&"*OxMn:|QXv,D` $=#h Ecn!D2h,;Q,"WH=!9T--fJ9;d˹!$)/A})3zw`C RfpL]l4 *&{}bټ~D@z4CAfU#q ݶΪXS{"JZ}:yLެ&"SQ3 }`YJغL )"hf_X*68^.?oyfyy:&k}8"raJѵGEO__0;gh0ƴJ>x`Zp̊$hI a ؇õmqFjC?m`vA; =yGƶv7H&x>iG4;H| j+b51ǃ %ĩ6F{V|͆$ts7"sJMhN#ؖTi Sx<6WBde[y6񸽪FhM{D0]s]6Fs7q'r%8kaiߠT63 Wb0s\&Hg Xŧr傊Yv3Aɠ??+o_|S{p82!А%)%Y8^34yUM{ q^X͋eQ 8n6fYP<(JTd? 5]@Ů,5LrBAoFnVxT,@Ҧ0J(5-|(LiN,"JO/Lu7܁t3ϕ~j=iouP\#ox ߢc|⶗-/lei8.(r-_ v X-y:dŒw8yCmdrfKqM"P)<1Iצ_ܤ<\Hh'0'@IJC*(4W<5:w? bXZ fafb6#zZ4%nHhѨ(@Yfr03uyEwKVA V:©N4@@]bqyK1\K" cTQ_]~/i<)k-/ ?{c;؈_<|'8%i!KAg`}ʂ?ڮ 9+##J>j (W \. Є p?IWSzGZrFK~yF)O4VXbNՎ̊ƔnMpr>?c9萨s:0 TIǻ.spv/yܡsQ:@Ṣhv&O'ooV`9N#z2 pTW[Kb&9)\럷Et`nLh^ bZ&:T]0ڊ4.W/g%vKL˧O#NXe!!%mhM:3Hq:jT`&LBGi3-Dɍye?/LW3SWts4!iZHLD5xg-Z1pY&`G+x" l,BE*H ߮0+2O߳cW+vr1͜f,y[S23K1/$?+qF`|eF.`4C M@ \H`w[8`-_dx\imk{9F R RYVZR~ "Te=^h~+H3P)R yE@o2(p` ߣK%RaRj׺r"`jf rإGke|UC%x l+e|!פօll8J񗣂V&@d35\gW$E€ep^T)BVA,-hKJjޢzhv&N YOڰD7fZ*OHa avR~ঞg~1H$k 7'!p9ƭW1svyuD 0 F?S [~/ׂ>*QqIM8A4xw93cx1<]Uphk 0ә//Ýcsp %c{FKMt&08L>woǹ~F/ȩaQ}>Nús_'bT[ Hs|-eFMBY4M{cJ\Jiv C4MS,Z]*ŒK2Z{Չ{;`k9K}XXL' udE!W; oj S´Fw=o0'uߧ0նU'sR+?p8Mk>–5ItQ3:iJUe+gqg;Qh!fWۿij{"9qݼ[jC ?wl߻QEQ^nվ9bX+d78߰1"k#1# ]MJ͛- 6<0'X0K6{GKstVk'5Ah ;DR/j'9<1Y]9pqqF8EYz>s+B9 um2C}|)zPBEPVMs Om|CPˆ Ve2m,zq;WMrhA)RkKy_Np_sY? &5) mQ cLRwր+c|ՄGak72\Mmq*G$y&Rktmc⮉/4ELOuqGR8%uq6l,I-U;Ǻ.*KNn+ZvjrŃPoS] lˆXR[O ǤeD`_h"$eZo^uf^~G>H>RvDEo^OTp=2%-ݳL;6}wE#5?/UQx{~\}]ei<CEtBѴT/XK[_F|U 0Vx~Ѵo0$2&-}=\-G:ڐ GN6+(*{ Eoq"-j@S:k;x&Y h=g %J{M+=1@hRߵ!k=EpNc9o ZF'>襙 GYF{ݨ[ y5-#- ʃ2Ɵ =e:,ԎIޏ&sl*W_HvL&r/ٛwe2GIbn'qvOr lߋt'2;xk9Pn v3;܄i?^FrV.-aR"q}J VAn:C児zA6(E,*^bvJsn5I(b\"EھVXƔcO1nO[8}\8 Hws4ZLܴOLR#eJ <ԟ{XNfmdatKB*y7Mk6>7IIeXEI[٨K{Z2lsv.DoŨ]'o"bUlk 1r^URyLb竪C?ރ-h%bg=~ZBm\k.i 6 J1QZ?~uI\ZSx-dQMRH{hH%yɝ=}Hw3kN-;rlJڊeu64{j䣖н%t?s`(8m+KA/BtXeС޴`0 M}v1tGEy^C'#D0umgx5jy޲Ǹ+٦Ac]F]0X8񯞭Fm# c4{l'#3uWJȯ_q-V;E]& croꨞna,#jrrFJj9j$N+e_h;] )tp"#YCQ:_h犡焺)hJnj% 0NzIv"yػNXFx 3m~!֯*ֹM.5;6)tiZO9xԜzuˌ|~&nY29hԘ%STcZP29$~{s5*z8Sx^ Knd8Qվ{ӻ=Bcr +B=sMR;DukfET}-1.٢FHɸh:9gJ kȹJW{ȅVZF duy'l$Ԝ3Uw~HB(rs>N*?#]HU~}VV{%ӏD>Ⱨo`f=:šsu.>v M.y11Q3'o䎲P 9wF[Wj3ɜU18 he1[ћNFVՎ H ][ f5Wbh$$o<͑Uߤ8+o]{MV%tƥMotL"*~l ԫr\ԅ?[cݖC[lpթ! 1~A O d$;MOzJۣ_?3$f6By' ,aumA{T ĜLNhGXp%cDtP|N岻/=@[FUgei}2C_.UP'l݄ l4E@uW]8Bo-s;C,̇aJo5IM&M pUZ< J]qDTSk>=ZE3&Ld P̷ѱEow{Fߵ`*r! v!9{mk7/.XWvy"3ry 7ůeDS+ HNқ`&]vi *p݈j `eڋ9܇DZ :h|'N|[ dDj|}Ąo>?p3L5{5mf?z[,[anǍy Jj͍ކ`zIHwXqsi?uxגI CU!Gj**(qC?KWs놷l| i}tG Xɮ_8SUM~ʪ7VAX l3݅? 5l2%ϣ >%JME6I ׸+O\P-W7m񛫕q먁6\K\rA?5 lU#dbU[^ji~/<zm'pC؃uz:.^mdx cÞ5"zW˱=tUC$h}JT,%)"X(IQFw u RL/2HyD A|?8Ȭ.$C*"4$lYٌ|L/ν8Ů4e (|4C=3Іdt9hzT` "i׷Ǽ,ωX =!%I-y#'9w: f>5lk8тG=V:e.+j@fa1"oBl2:lw% q3aN5mPN-&Zn3:{G\ #5׳w4]լ2LxX?AhTwt|E{C[Y %,[\/Ay_mْɛ/y!9ɺ]m.ˋk1w᱕o6~8`e'I(U,UvXG.x&@WnA`h-!TRz!YmrSIc PE<^滉I?5bOQhm1~*)G %O4Xy2%k5 2L 0r( _baqX[s# ʨ$=in~~2w"tRޚu_NLSamq;&c7?MdICk z'OqQs ΊC+ ŇDDN`>-鰣 v,0ϬV[HѸ &%KՊNډʦѿY1Q~u6{}8b?/-U٫H"<)G͔Ln)Haw4_ӑw-燫= p^;Hg?f;Rl%ɯd T4VQQv2guMH\aȝc|UD߷!SXs*rܱ a{>L TL@8[H۔ύ"?vgrko>_+F3CO*^/ؓ\P:W2=w*wٙy񂔱L=*-t|9Z=Z=Sћ.v?8{zf0.YG6#˱l"٣.#< ?N L=Z(_Z6k6BSeb(~&MFx:0i b(Ê~$ w籘H,QR~[vkC&-y \+MPJ}`@]nɍ,+rk_@aa{-܄;pF{5ƌu #k9#~N]1ڞ3&*+_oTdo%{~VR/bΦ„ ?#Fķ%Al.B Qz=Nq:_3 $y{gY^6K10JyS"]ᇁx ƕ~jyUvc_ۍpY gZOY!:Z{쾡B Ji5-j7/t#ʄX@#+~{}P Zi困 K'4KM!JaP=\u  N͑+{R6jYUEd/|tY򍥐5ZQX.4E`mQ-Xcx> YGHojXο"r)G 2)҅ӫl3_!n#'6&է?.@8^2A, hZg!99Ǒ|i1/`7hN(*?)8_z0:']Xl^Jm&F訅TI329p*7 R7p.(sUz.9e݁%1bIՎ "iχܕ ^у3%u#챘 ONWaĥjsthXg" f$&%20%?.N8@VID&REaqv[~4F()8V(0"D,ĕt5owGI $_N 8sD0L{Ke M=qh iu#3a/*RF9U_A;+} bFF0:5MwƄ!)X*WD 83b$V_9?ZJk3>kLARWz% 8u/3I)#w.7O2Fh<%@TRZ<=D,Skp]51~)ۋ{\㇩:{ VNzSExbuh_0jI#2Ij=T5fE`]#/p1gbvi۪a0:QF!L2H,>8LN߲rnw={+؟xtmOf1@k=2)9{}n2RNCXb.[XnH]ar<潠kˁ0ASikЊ }@?.< s?rg,?Ԫ@" L~!]~AAIiٙֈb cp0';'Dc:啾>` )>eYPP2)A8=j! 2!O/ubAFWtkIQLhӂGﱡ>~{^d0o,&ٰ<%@2c\N21RX'an <x7!T8e֛(9>pH"-pI_BݎWtGҥєKyu y4ҤȮ6Pʕ<֊kdߟ3pŸ[ JR\lĻZگ5WԠ^'u"I`57Gҡc TF51i#Zksx2. e@ DaQf-4&_uIq N5J-)"#¡UW>28@#iBQYl&ue]#bx^2&So兔4F5 ]'_ tvJ#?m5bjS۬c!Mlecњ":eXgH@9N~zO#ęXl[؄`H'ZOYml9[ 7d b~mEK*I* ɽT۲jV:S%mnȓr/$|֩|51|1 6Fbؘ\r;'w_2 Vn|ZYtiyE i-Pv5Τl=5 0D8`;6\h~fl k̗ Zl_;I6. Y*M6/eO*{)mx.qo}>Fxġfltq@c8?MT`$>׷Sa6mJ\oVxlU V#jO;Pz؇Q>iqT\5K+p3$#.JcGyU+彸v# wTM1lΛ|j4 #P׍w(5> ?(|IE c?+ Ti<4 3?kBȹaaֻ/qh4m[+Fj h\emɚs@Wq!BfP?QGHbX~1ĘS۵uau~wy{z k`ti6󱸼7<9>c+3Ω [Ky&`|{~lcvFd `Ӷ$eeb/(yE ho:69^`=|#y5U,P6Tu--[/e?rd%nr"˂u)#>%pi QU //C&Њx*er 5dWda1Dx#J8Dp(0ib;.^璼?sx)h.Kw$ZtTa 區1HIF+39m&\H=\rJW尒ܬ(no@Tw$KRD}[[ɻmΛ579Rn(ELƆ1Yc/5D>7r礲>'6:PY||}Ds] H , LC=7A[OPSCEzA=Q@l#@.7G$.WPOj,j ZS>O4 ^E6݂F: +ʟ^mv57N(;a pXº̹N-{&|AFaw/qհ\+.sZCNꋴ饨+ڰ Ua8w#+_-_ʔ_cJgCrc'ژȵ~ !jNА ?fFkVZ*SNxDe8!-nBdMK]00/WT.C^:j[KweN]rHD3 Y :Ra-2Zg+СfbKgA.{0?+/8El&ǒB Ka|DZ[dݯH^ tjYP-FjB oO?֮kRkEk#JAyDKm"@l\C G 4(Ɯ?`E")t OP`㇐y5(>ҡoz4 d~?&=i\UU^TQ֤FXjgOó6 ;/:uoE87Ew~wz"β/h=!#Kɺ|_5ˀby QfQs| 46r3Gt׻`\վa9q L'(ºn~9e^U,i+Pyd"w$Tj7bu{-}"TM0+_Έ&Ue J!J?wyH)fc\䙛XSOiq@Akz7>靈(v,Cwq*"O#?ۡ}p:?">#Lj+tJ7p>E{`ğˣ0ZRp<MY//.ӑͷXO$%ʄ76 M%)~o7abv&qgj<ʩFcfv49 }HDlSq4os%b3ɑZt!J%ĵB$cqJZw;(ԑo%`nip5Εz9*UUIrjM4!/` vKSiM%RxqwA.ggSd`yiGݍV8eh @gOnɪ:*Xب+d!,v54JXn)͗f{hJQ2g\P^PBt{qgR% .qwDaYI Y"n!Ct.%Rup ;1ebD)Bg4Br> 2NFs Z)>t*և+d OeوZ׬?ȸՉcYPvXKz43<αc?eLuKtK?5s}c#)&&KN7e]6~ZvЬ SHë%R^&V|Z۠ uCDV }9"\ZTFOM,X:Fl"Dbxzn`VbyT9d>E\A A9ڋYdn4HM/U QBr]28cu_3E<^>{m`/ (|GV9 xErFyЍΡ_/T`PZ"nFs_uJ! %!} +l7ō8[e@bswx9su"E+rhnۧגÄt"k dxcF:*,I~'n~7I|"_c÷^ /pɼ, Zm RBɡ3TO[Iz*/g/aT^9G]YYm Jx>VeTXPCEfNPHcgY""S.홳>^T"4,(cףVsWH k3{g1I)y1г9],,Ė4ņ#1*2k𾙇f1EU6?HTB< @Ȫ=ي`e$amDB7GgD݊9~6+IJr\}J Lj5~ood/5khtLz1Uy7??e"dŋClS6B*sy1d%gi>ڠ$u'G^ q|~ tx΀J]fbϐ<%_E2q83)*73+r&X L>,v '|bkB3ڐ^ iIE幻n(eB?džmקјo4@Qh1ASUwk=,J~@ǃoЅTBrrGm[W\$P !4:)*mX;: ̬wk ݨ3oh3H*DM\Obl`7= zːDqPy`hmΥڤUlDC s^W/61 {^-MJAME=HKhY vzVstnB+&w`qo5H ?އAml>BXٔc8myϏ%-Ǘ#qTGpM0WJ&0&" `dl"LH2!`!$Ql !C B $dϭOٷP=<晇BNO:WQ;Yx;M<o]A$1d$>=ĕR|!Ty5hbƑP$2ONW 0Ցu!f$hk,pL>>fU[K2.iյ~aḏZS7cX~}LG ,Я'/ZW`CN6k } .)BcoE!F"qTP, ,azM9 P6_(hUH|<IyO4&a]peI\I7ՉD?ˬ0Bw cx@Dr>Yw_{<`C.Vzw{ CzAQX~ E]|_pA H,z4|Lȟmt1*5ULWmAX럔)~nf2 ¸|ȶOYtMpؕ͠,TB.뷁P@ɱU m'9ΠQQm MI !v7F'M#,mSE+g]ƄZg2t+?WuJ;fW2)<ѬiMjlDeۗC7<b=todpNz Q;8sqE9krMO7__UU#g,jg{kʿJQpV?2y58&߽yD3:7L77r6}ܱzVveL['nHvą|qq:!j'侙˽)2 !ٙmbsNzP0}oRlf5mة&2E꭯u͢tWB؛^ڴB=Mf<<_b|K$Mw2ڄ,{+њѽerM9觏 ^PGrKD8iBu3l%Zx L3>XH/y1nc) ꠫|^PLП;ncNOj+0 8fVuv%glO%Itk2:,wdC+c|L/φZ+vr>ZVA"C'?f˙o mMSWX!vv-%5vtKsޭ&T؎m'Ը5%D Cu޲>?)kNjV#gfT(ʴn.4; icU;%I''0NGUuke]; h~#t,'OwU^T@>W;ʿI +*ǰ X'⪟0K lbZq_c7B xLy/wk!WRx9Jd<@Xagl#pF*5aGJ}C9ѻXIZI*mtfqJHH(pvW)u9#b,X>f<)p`S+]uyᶥ<^Y|lk2JJ& a°*[,4c0HŶ#7w9ӽxcX}}K߮dl0a`y|% _\$V@b<H]O<&/ thN-7W# RWlBҵf$e]KDX{Dǻwd@qN/B+}D<x.QJ[}g>݊fv˙6C<BNyr%$Nt_p}4+z+q.:7݀|D,u0MiWV@ٿ޽6?+qx450r60UXڱa%1Oc0#T{.٤6k yVpx LgunOTi,HcXP(tzh 3x/9zI☆9nEcwUaYuceF|^9OAǁG'µ:T]QwYo滣 >f*>2r*pucm{zSZ2ȳϸw-$Sw@SDm9m'_HKۦ򨩨yJZP3BA#e`iebU\dT6BrJ̦xU0DG#l8*әVa "i,ݨ5S=ZLtCd-|F{8ϵ)*P4!Řgnj8SK^S6.-;ANo$ !qpJ z[i[2]HXp z"ZN/VZgxW!b ϹL.Y6$e)ca-d:S¡sbfBC]@[ơՈ5+"d9#3&VA"d0h3,]@OG Y1 'LB&Zp)%gahdkb/SqSa [LRptP%!IP) Cmt ɲ9G^qͿ}ʛ. C^:BO,%э(Vt@: ɍZcg 'lGl^Zt:')Kt ~Xȿ۩?M68;W)W9BkP5:Gy#׎V= - KK !J'D{]4Nj+U7}#yX% Z8 㡗V#+}wEHjȶ:(8/3`w/H6~Wn0 PpyƷ@\ q4-y3^.fK5L|Dޱs\ GL_NCLʭPo Yjk-JEC_]'^:\cUJH"^{q{x7k#,FIȻvx1٩S (r'Wõm3ueiZϤM \9"}. aS$޴Ik}'0h:rh(BPū膽ϽyJF.{F 0q=Ùʰy5+?C"kZ*\lo - ᷥnE( _wȵ?t1&1(Q, gq@:]{<,'q!+\:G+a~Lyu߶}mTkbs :߼$©!bx*8;X齃ĭmHtB@d[Qw!k:j3p{L[8?xeDRA]ytKsсsDV2en)fLot^w,潡oC]efRT ρlQk$-XQr.'1M{򕉀;OJ#uޗME)8aCRD v?c,ˌz0~r3=ke-LW]b\Ѣ]r[­O`>ɂ!hHW2˶kym4UsYb5+UYO td-0yX(f.ܝ6̊XN_ 6^D?kبP`̺Du3c]ne:BW~eLWH`W9L4Ϻԇ`&:}9|Po9&s5i`~IavgYa|:^+jүc[ vAma|2pBS-~ wBUt5STM]@tNb9t\u9i%6Q/O (`Y(ȧk:}_!x~wX~֒0=;dՓWJ|![ XNo߆ɬφX}oq#ٹwBl&dKPn9" 4&f!w}S=N[V6AghaBGZ@:^E^@rҹEݰɒ?c8'F䐅H{5kj觃$ y1DQ}nġ0pF/VvQ>jSwO8cQcT'^CN~""-KEZSȮ`iufl`jHZ?9i|E㚎3FhHu4W[19t'A{uXxnʂqvق)l#hcd1.s}s\~a)jDD`#՝]`㫰.,ʒ#$7e_jJ؋>` =$V +` AE fDn*;̯HAWhIh' 3]7} |?}:{\8A %^ѮwTs<;_ YV6]Ra)"D5<z4k a&U:e@V( (hµ$ӡwȷgjRkY} YC%=c @„NYUP/Rq.^`bIXbDhV\kI^: wҁJApq-b_pf`@:5`k1ޮ LxI۔J M\;Pp#VHP8Y0 ۽߈1FpS{;RcDIY )4RbgGrRDgUN8qՓ}r<3rOsEr hqhO,&CU6J~AV%Ir>2DȚBWy,#@Uq^0( rȭɿ[ȳ慝ҝG{`y&Tn}42;s^HP?"(= fk}bΰtOvIJPĤ]smH\jDw *@]zq.ِ/V,/_\^djz2xYb1uϔZN B5 VV=wz~-0IH2s=\Hf޵,MFKh[ȶ924ĶFB^k' "]# a5U5%m籝I!<}MZ!k"zPpe^trjDDlX>h#21P-Л4~3g(x{24Z+À}0Flg3kv%MK@K9?B  J4u&.~kũjbkTU" IB+j)1Q%fvN~bIBƻ[y?6s"Gn?:Zmdzڬ1vpX!Ď3j>4Wf8< =y4UM-{2*}s)Yaۧ3nB$y& QE\hmj[iUxP͌(Gx_;iӰzECH[7>+UsrX) & H+2:ziҜ=vY)TRNku8:7kK!RE:PLS=?}9KO-@O53H'u4mL1tʀ<(3)az6Yn5V;1G v#II#)Clrm{ON.V%"@5i{0i.]U% iJ`?q>< IkvMw*ՏfBѬCЛ $T{VX"9v+`+P.:xarPBga~X'lҘI8YhVϡ2=J q6$,۲ ͻb&I̽yry2zA]yJ'= |g'sMPwbмDTvMowVY669v>RMϘC]5I-z޿ ?yw¬8o'ͅN߀E(|`N W{-$}O=e9.44d62B$s4ӫDB?5$}P6b)F@MUjKzZ+Ai5C'8|8p|Ēu F}~ 2Țok`F$$i9ee[3$q4x"5ڈΥNH<1.E`:%!(r?~rFU:~z8O)+[eمRd6҉9(.$u  2Yn~;vLl) 8[ 0u$7<ڸw؋E+B0h䉵o,K.=d;pz6xJ=Q&ͮG|}KL غ0\Rkm8!xOGgJn ȏ'Z HGF^.dsDŽB4egzJc:caDdlG:2Iȼo N˿A mN1\+I] \Uי(U2iCF]@tm{yBWOt :"h,3sppQ+ y]ztZG_RثhB* a{h:qQK)3ܕLe60>J-b5j^660i;&:BK~aOYFt9Xc:4fqLdi/N]8}_ @7θ(dfmA'_5˚%]ƻs>^EDA;I#~f~[:Mʔ޺m)Uչ|'Eqfq80aKf0=1by7.eq#ca@%n@lj4.„U 9լ=Mwwe.skڭ R:74j IśP'wLB$pѭSu6ZƟeˇ!EP-\W*9(60̊4Rjd9e4XΟ'g 9GWDPd iH ' i@$lAFԣㆄ˰i>T˥j*s%]%w_P&a;8ɩ<1"Md!U7~8weҖ͉Xݞ[Q2{8`p"fN&oi/2DAt="t[-> 0jbUjxskv"?ocRpT_L_=&f ׹p T\A芉C͋V4  7P`?3HatZ)=B;X z8ٲXӇ3u)@De-xhq^! ܾVѴ,^t&Fke6hNG1'Uɴ2|q8.DÜ'q30I?md'))"N'ݦ\n%_;a9oﱐn iw fa"HqؚlW 軁sQti_*ߖ3}k39Y*/fdRNXíZ># [(3ˏAfdXȍMnFRg@ b¤ g>^w>[G(t-ZQD T5:cDr:*ibWe(,(,+o+B9Y3t#fۯe> 1Rd=دĉؾ\CݏR F"=}AȐc[4p`"6Oސdd5+ 3ǐ2:E,Q$Oimb,!Yٮ}1dDؿsyQ|[|q ZXATWsm7JƕФF  k(TxlwA- T Wn'k\/.K;eL-q>G3Ič D&XV/| qIٓ: }O|HYYeD8nݯKDmE0< )(3mTm$Us#9Sb/$ܪ4g-wWylN!@AV: ՞C} gXD[8QVuh5ZRϙ"V_}1$ϳ5~#n սI#9peRjT۩ڈwd,h", Oce4֯WQ)l\:2:LEiԌ14D%ZibRtZoGsZWHRlB" ma*<rɫƍ Lޡoܝ͉!ԘѣX7Gp(+OE%m)Z5T9=Z^-l8 W}4zEGSrȎcE٠T˿8JV |.f~6a k)XTVfݶsÂؐ@ tKX"!:\bc?=s3VglWp;;g( dAD`?/+9ۑGPQUMqzڔl_p^*z$]NrYYk%C "J9#Ѿ;C`ce[e'6n ʳMYELic~0`f 6FZl7Ncr}9, #i`V@>Nڛ#WF;i+qłqGxSj!c4?E9p? `y?HS4A!Bb [E4צYd] Z"V^c;hԳ0%Œ=+1pu"T/[=jaM` NU_*{T"c8JōGBZ`%EG>]f*u\{܏&57R56 O7?u84m Qf<+|^j\`pt٫6;3jB  wz7]/|D0C|{kn쓶w~*66 v#tsE?KK(EP䊌*׃3M&<KP&a(G'lN1u3O5˵4\4]AxXo+*]G|ulХlF+#y )bbkyH: h)>G~s]BLn^Ӛ"µ#:$ƛ hلE10 0{b/'As`F^Fdst>Cm5T C'Z\W'wJ.1Jx [O릒%jMGk{fgI/2d`/.~(X$4-^m]8RGȌ:;1d#nJwNwR|QDRg  %yӁN~ߊ :&1V8 2b~ 3ap[a. WOlq6M޻I :GfXcE.-DZZBz {彈| 1z2_`O \އʎ6_旅ŷx`/)X5g% ?҅|tFv ,>Hᅯϯm{!|yA!uD-GEno[{%6|\fO+&4g{x؃sZD# =+e,ϐ֙B-x#&Zu+wBlE:sl t\ L[:H ΂WIsnPd75^:2X{)yISL.mOVZpE[4L=$l =^pP+s`y{ ڒXК9"$KtRqtZR!4} '#M,jF K{ |=N /U:(18ӷh5D&aΐój (+ᄋfE7NeڜBQMHk^7R3kU =,[*ZU05>+H+; &bSUjV1wM6@/abxVVG1qd2pޏibϺg7/-D0kaVXVν03Lz_dQQfgHsX!/R\2X9DQcn$VwbgKm$2U1ܼe|p._A~ҜAuGH/W{u_P$tixj >Q])n8&;xUAR&Fb) NPgRl; z{UEdv+y7B݄x9ԋ] !pDItZX_U; (|N(Υ` Nv&J/'b$O7KLR=ӫzc;8s# MCӶ4'gF,XV%T#bh'ɞ?~",⏊&XG2T#M&I-䀳xN~~nzԃٵ>X0!-]lqk*Dbtp|RVk_ (do&!(x*i!Y K)wTޚJMe5@t*ހGϻ-Ġ >HJ)u7Mk ]ZNb9*atBS@U͈pچ:pA+1FnٕxƊV@b(ߣ|@y@5l+:Lvj1$l Qy_Rp)`~xBnڎ1%or5ANjkEuKM{ҡWm㢻P?V}};=VU㛊Β;QhҹW7:UTu<,syVml˻c4Sn`%en3J{>m l!go S`(3 ̩1awTjor'RzjMm4jZJk u&iEؾ}{JwuNW!!$ބ \2p \Q Rq\T;n( (TE} R2a15Ԃ \`ȗ-IW2 tʉ৲ 9{P+ҩ&"qiq4p_p$rt#UG?H6s5+fkK>q[ջO"Xj਑ 6S[j0IԊ5 m0NA#D9-;wvgᦙg\Hu-]m,a뚆$|z2=UT>1CP"{!+ooG9xlj=W?iɧt'qqmy3]IUN&~O@.Wu

*qI:Mv8<->L48i(d 2k K>0EMx3 _=NKfr'&v;un!(@_.lkbZFSQp@w5WϔꇒH3)!yJby1@;zFg-ktIKxKe~N}AбcjqA Kݟ)~x:+-%RwS,= Dozb(ܗ `Pl6_?NaT*Qdi-LtOy-z ġI9!(7cD9G;<*.lEN}J2%. AqWBg6},z;TFjv;* &Ei*8H{!2iUsa 5cΝiڂ(eA)GC(Iz7,nf,!~_"bF!pL"&OfMBa[ -1O^0rs#V;?CFHq^{?ZZ^`㙊0ŮX;MQebP?@}HSO,h)xDCO,Y|^.Qmf۾i!r%;")]͚gb >|;p͇B N%}k:5nLEC ]„~DbAػxTia0Q2|eu<5dik&GEd}*͔ J^q[{GL)`c/[~uR6F U4xәet˚ɯ򱸧Ķݱ&D_&CD Zw!oìF7sy" ؜S-f+â~œPը(^= @#Szl8^HlU*mn-Ko7 ɢ'}`O.o`_U&r]E\%FmBm2Hrg/coo$t1MYhwA{̭U!Sy@Zbcfz??ZƳY//rXk{TIL;Yu0V!n-ǭyз !f5[0 lj8;3S>6 o!x7 ')^n_?v#/O/0z25:(l,E9>Bv*e~wf*";ʮzT 0U7 cwZBX 6%jܹ0b!Q >Ś$qa.Y DdiflFҼ@i>202u^űJ~BӅi7gA걽%sXz#R(r! lE$ENϠ27"vE8SX]0YXcܯ$uY#EVzJz_ҶgOH#5>5LgKvh\V91:شC^ڴK}s@ld("ȾT*4fWZ'kH6JdxC}ڨcײH8i*.[5 1jH5kzcQJ%Z֜ڂTy}{+2d.1XCnNV -LˆBET⮽Z?&r;h*!C$з 뛽7P'P y!BfigdNvL+B05cH+Zߪ~DNI!Xrj}/Cpn\oW;$.2kz܍@ɤ#dQE鎠9HC0AZF>%[SClEmis9K76q:k,QcٹKAHGgמ9ۚҐ7;3-Hzcq˥kgK Z1@ʮA"гqI/0}^ IxV(#Ɓ F {-@(v +~Pt_Q@ܵWl[ {vZwZ%ׯ,J0TXtNS ~iav/cY!Lu ~Ĭ;K;U\+mU)vzLGuf9r'AN4m慍GJs]"C2u.pM:P$)BFηz-[ L^Mk||9ٴW[sA-Yr5[Ñ"Lt|=ww 䞝g|%P)9l5QƊ\-KS}r;/¨ `NO4Q|l#) ( ng3N $>j#bIjk6LMrXADoC9coGuX̦r"iˀO !$1"Z ?y';uFxs Q>S߃fd~=(BxR V?}jh %q}h., p~(+[h_Q7V 94:"ȠDwLj3Ω(V mH< xۥ ׂh3D]WM[!Dɱ*]XN\m@YJߦڷO6OaZt]E.QQaLwmH,! <bl4W Vʔ[`OG:gE+jFZ'?O=r{>C%S|52a1xaWtOT,?a^y)Y($Ǜ&t$1^} ,YȒMDE"oB_\働#ގY.2f}O(%ovWrJhQc>m-jU\֜KkKS {dTvmpl7D:t+1qAc8@DXơEܐ7"Ru/Hة]EUt5%5ѯrcb3ҷVLSĝ\Z O9_VErW, 1`V<ƀno8: Qb*+ok@ky}nJ;Sr`85V扣;zAzxLq+A&L9"31}mh%<lGqFhsE OQ穆o#Y =00sgOP< %$SCAs=5VTxօAO8-A&gY5+<~`Le'G}kl?z.B%`5##!ʆ%Zw a#k?/x1 S@:F̓cENa~'+7d;;G#~S,xDCP<~QKC#>UgS\s R@TP3%w)a(, `_\& wSVpؔ>h*&^O=o$DE=3sN)d p2/MW?u$| A6JL&b~ݛJ_/=ydy\b=+ , ;JREն7ܤ~##^2Ƀ瞧:Ӧ^2i tpyU~'O!AE"65eW;?# D w]$l@$<ي!#;C܅6lO~y xHmŎ6JF৆q87n(r7TweR@Z]hEnrq~wgBm*(CWǫI>6G~}e`;Ѷ.ia~W=XҡCf-c| Fb3\:F*P:r!L[J)q&JOac;)}^@^o.d(S@H{JM`*oqpjC#&0?7#ssE^%{.ctcB]z3A*Mȇ#Xm]qIF1WK |k膄@?ʇFXEhn guSnPڷyT1+>TRy55JLi'+t'dEb>2_z#wG?nO9_7Pg,,\r[o2ڈÃܤX 6n5ӵY}|WO$w4.ኝ{CeZk6܍hm+.).=;]-_>|<]x0!&Tq5C3X ɂ0Ú %XKd(oTۅ'}vЍxV^*uZ2 Qd}9b? Em,y3 p` YfPx衎VVbxω  hk]+)pp̂+Ò8^$[AK]g'WwoE,?/<祎f`-͔HlfCH zp4̛S{@֥0ry.xV]-ch*d7QՄ57(ˆc ڴiVC7.p HQ\(h73vvCT> >ٔiMum(U9}Nӷ&m-Kyoc ?eE9=0$nc(%68I0i41s mX'}i<9{zI_mpJx#v(f*1ʗ?3gv_vM!l;}WΩhθeQqf(/`!r;A) Xu"/ *kIR;L}?+T**Vɖ w H.Woޯd aȵ0?@Iη[2ieZ*fYǑkjk:S;Y,@]&N ͚ZZ!$sOМ:+.N5X̓ SZ](?E#"xd-09Le B[x.y&9a8sc@ճN<2hb;Z F&!fHֹWw#mw>Um>]u3rQP CWZeHuŜ駇KǦ Jz]5pמtZ;+w(¡PZ"*EM[U 9J"_]|櫃aZ.j/ְkvPxf9H#nObirqS' ;<9.jpps}lW#Zwii:M j0O6oƼ=i lcѲl*"M8oR2q:s$/W^"T\Ao'hFuarOFX-=+z32[kCJwa+%;JBiÍp}qsx{-?;3Y$!(+<%7+iY?щ"R_š8wŰǕEw95wW8@V mN8pk3WfQ)@tf!hk3Ed_R5W@ҜTxU$TvFkC{,,hsE<UG^~MW, FrhrDSPmsMyȶt>B-عǀ 6!|dL}q/*#OK q!is/KCпE/A|}@kQe!ͿƖh {Re"SssTjߤ~ xZg:􏺝yDX3fG¾!%G )שAB,+tt'~zv7|Z X`.\կIoh._j' e7w)Jo^Z`n|'e%^ֈFWd]9k2#O^yM`r*wđn[B,bEi2,TVI6`}7K ,]*Yc9vm6\Hx OaVnwR̿3i_ptmhuP5YAbbP9:S d[B<@\:Ы" JC4_Ldr8ÎSRqfdT5r[!p` 9`fM~; %C\M)%wcfT~v8\w)I7"jzWQw0LS9^mxC@ٓЉ5 #䌣+wOǕwHb Pa֣^>;>QLJB l+]prOw3i1Kh1='W<{)`\p#yQ?3>SӃ):mOzlJ.vMdZ]=S'λha#7}J~Msg5,!G-ݶaa\0UgK{NSRK tm6K}KWZ+w :bL̀Yʄs=7A򳶰LCkNn֘`jx54*ǩD9j3zJU*cyY- qWC?sX;0,ZCa~'kѬ)$&ɣ(?C 2{;/**}9Aaw+\m=m-e t@/V2&e5 rFЮBi{,~95gX -#¿[ iyIq֣XL)EY5=ح^d2[wa2 /N.-6kX. GSĥ._QQM+LIѨiSG܌TGE =9Rȳ3Xb[7ʌ$7 `Kpj$2O>+E]QX؄[{HHۉm!\ZΪc|WұK" 8LAw ŧGx(,'LY5094R@w rj%GEJ$c|AG렗GR֎% g6*Z_mͩ]ȅp{t92Ի_"9E'ȱ`=8@=seEyКq,9X"EWFNK6Xwk*qwTAyN&(:Pl)Sie!P5紀 *T'Vf)Z)Hts\DY\>*Fg\bϬ&>:rv6d-3IG1. CG;vh1ZtI/]XLis ԣa&N,2R95 '|"$m(3{$Q;Q^[ 2*S﫤RCߛ)FmIps<8!rbʍO?AGMpK(:Nէ%"ZB ^Mӎ-Әo')|Z. pajʫ%YK3P7vK)guG^:jHiio]|0}. @7uPkW@}?yṃsWCY_ߍWɗ9څ&l6IPKrfݯ`D{"}"DBzrMLċdN ?]Y(7( x+Tq4~D 괼`ЍJojf[x #_At^tmÂ.&VZc9]BZkCD"odO t1b.obk|?yvf#P,ف`_"1џ'.s, Fט0^7s^}^gej MY0OPusY( .5ߙHؚ4IE\ѷΪgf#}N; GAB}꩐g6{E2Jl]q&@.֚j/wC+|oT+cy6cPՠ[/9 ;_YZna@6k+R ,ݿ/^++ck56xqr*:#}} $hH,@6 PKmk=´K9z"o1ƶBL>,46*iG or)({XVEZyH7exDY!~|o=s*BjMUmg09Z;"3 d &=g29#8@ذ0m)s5vODXacxZe{ Wý[6m ثͪqk[`v5 ^4W(JQ iϸr`uF>q9sF{-P؈9S,n1c qQL#y[n39SB+v{.FvGhi>y8fc\>/-H)xkJcK&yTShg&Cٶ(]C#$ .|EW7 %&>eD~i%&{lz;Z=}3j6qL@\ S ZM=-{SQVgyY&9eVlɄ")UIc;lF̃ nE|G b}qp(0wL㦋RY#N+*v"r'Mw46suL={PEҙeVVejçRǟl1i,^pʷuI'\.*: .I[*qkt Φ3W#)PcK8lVQ:O~I(v[ 30GMep .{J@ *aK?E^Dn׻ծkwS9^F@4te:N\ȝrC]8kR5|=gQ\jS7Z)7|MM#K '7xʁa ^vġO(jf]Py`f>g(HGSLY{@2䢸t NxIHTx4*j!<'gEySSsu]~崨:R>x0|P#BQwM;k x A_.ѨBYh:cyLIN>:*2w7 +y z"E Otdh\3C'sEj.[]fFzy4 C,-S5Δ/o,T>q[7YJc(wm, +g fT6R YrL?j䑦Z # ŚUn\M [mB+h֣Ts>BcMdֿ2ە,v `abAswm(ێQ ԸJ4(j+Fv: ' ]aƦu_U 0?M0lw^Te ͱ0z74.z\sm9W!Oy(t 8޿k[wBvHFf i nYʋaď ksٻ9Yɦ۟6|Q;lX壄FibUB}U<u [6>3~b*[أU|rH6&9w ɭ^ NuG}s }{y0/nQWFR/8qMKq 9Ы`UJ6a:B$Q[ ْ+F_+a px7ӟ4AHl~$@> ɊPnAB]@{ BI a>. HsK\Q{: dbevo;8w+ML{κ[Hhr"|wJaՑPQ[a@BmUY?FcFW,Jͬ,6Klj~$6Ym=uuZLz7uU<ؾ Ǘw,Mitvo֔L3cW͔ Z HPD###6nk=o"Wt=;#BE'}f7v鴇m1),8+ѫGtJIBo{Yw)zt!MkE5g>,%~]Gx:)ٶHhPb*= [XJt 6_;Z8=59׮H,./ɧJKmb"EJx:1 ˾*#wh#ٵ$#(h[\ 2܂A&qf(CJƆǠԤ};'0_ۦ*A3C :;XyȌ`֊+My ]ͣ,|$(Œ(tK_5s q12Q( ȍ$n{X P ad#C]Pi4 c6 velpN̳G$M6>"}BiCQEEp/mJW muVxUL~fbk}־ldG*t]%/bH?j.>IJ!=19qS`PR;.BHLSI }$bzXA+O%~xiJ_[pq9ZAp%f4(U%lD} 9qq/+ ak٦poa(OS#c+1@FpuX* ƲJYAR\&kONÈL-= %Mו $h4|A.DtY G?T(;k(W*G>sB7~dito2/lcA[w=n鈄}`~44AKbZ)6 U$Vנ3#e5}j'/k豦$>x 0 KSc]g ^j:sKS*yLy0yp?T Nt5,Փllc4o8tFx v=8&f)teйO^3-[O HZ!)+;Zwa֪d䥻 cX|xVꡜvE\e.C'B~]!Sv j~Sij>.Qh>K똇~BF`GU۵ƌ'Fdr ыv)Iˣ0>%%W;} q7ǣjۓD}30w4 N]8Ql;JBnI$8$GàJ^@=c:Ys/nd/w'2_'hPX='"ȉ1Պi*C%vҟg{(ұɌ+ /R4 -wn R~!4 K6b5ZWUC)m܇ŒmQu.q`Y+:<=Kd orhTU僢Po$\zGfKV7vNW(,ִ6+{;RU]?Z% 3Iw&Z` 9S^6Mrp@^7V}ᦽb6=!2`8 @ ~L~33hr|8# cIo_Л*m 2Ar2֊qU,`]ϬLb;CqcRf\cdf´ /811s`QrY=lc}Zcy}Eҩ.c]cBEZ+Ǹ7V9 Gx:$BzhY$ =oYpAlYIqnܶkIՋǬ<bc?̒z#1T$zR, 1 KvBQn93ǘ !̌m56"Czz#N{$t͞' A[>8"2Ɖv\VB Ts~:׸A1vs},U%0r`pi/f$vt. "(^;$T-^50`,pKmuBbD|PJ)m0WP-9dT0R.;]-fb# 2ɵ` CO&YW2/{NZ63q;O6~;vI3(+*lbMMz@Ul{R"wrN/::ȁS̵j\sQF0}8aք֪uvhv6u%axwD<@*fgqƩ |[W=JU*bH*" W:UH92uǟ틧'槷!^ς?-0Y1FN`Nes'%o@LwŞYCDz1g$kN "ne&e[XU[)|uȪ;ʰ)&!69ЂynZJJ:mǖCk½>LQ9iMu!~ev<}Ohi-|<ɮ5Hޣd Q!1?x1h^TZ % 61Fլ~)E a߈nqyc]SuDxQʍ 2{FR:O)u?،R}cnC.7Q<>o3{w t APi?8T|t/XQY _Pr]Sɮŷ.y~7gB;*1a9 \y,bZ΢K.cԸ"r@igi̞A7;-m#A!:DmGvOftU~4](BvQcLuSw2]ƹ`<%6zInIzZ_pg@ZF!~6A?s*2x7%B awPِ{;M%5 #PmslYZxj<6z't1ZJt"LS͵YG{<:  oYWh[/x\wjhlK'09AM#ϻ9QzS<ݱ9,! zdh